Hello Lattepunk
Lattepunk
Welcome to the first newsletter of Lattepunk.
So many things to cover. What is the newsletter about? What does Lattepunk mean? Will there be coffee? Rest assured, your questions will be answered in due time.
But first, I want to talk about something near and dear to my heart. No, not the fact that no one has solved this Cyberpunk 2077 mystery. It's passwords! Yes, really!
Even though our password-less future is allegedly around the corner, passwords are still an issue in 2024.
A quick search for an article about the worst passwords in 2024 shows actually shocking results. At number one? 123456. That was the most used password…and not for the first time!
Have I Been Pwned is a popular resource that tracks data breaches and records what types of data were captured. Using my old Gmail as a proof of concept, I see that my email was found within 4 data breaches.

Along with my email, those data breaches found usernames, passwords, IP addresses, DOB, and other sensitive information (like my gender…wtf!?).
Luis, why does all this matter? Who is going to try to hack me? Oh dear reader, that’s not how it works nowadays. This breach data typically gets sold online to whoever is willing to pay. Whoever gets the data can then parse through the data to find accounts to take over.
They got my username, password, and email that I used on one service. What are the odds I used that same information on a different service? One couldn’t possibly be bothered to have a separate password for every account! But why guess at accounts? They have my Gmail address. Did I use 123456 as my password there too? Now they can monitor what emails come in. Oh! That’s the bank I use! Let me go over there and try the password there. Didn’t work? I’ve got his email account, let’s just hit "forgot password" and reset it.
That’s an insane hypothetical Luis! That’s not how it works! Fair point. I simplified it a bit, but when you’re doing this for the income, you’ve probably got some of this automated already.
Well, what do you want me to do? Have a different password for every site!? Actually, yeah. It’s that simple. And we have the technology to streamline it. Applications like Bitwarden and KeePassXC (among others) make this incredibly easy.
You put in all your accounts, have it generate passwords for each one, then you just autofill (or copy/paste) your password when you go to log in. That’s really it! All you have to do is remember the one password to get into the password manager. For the love of everything, just don’t use 123456.
Remember, any password manager is better than reusing the same password for every account you use (well, maybe not LastPass).
The idea is to make your accounts not worth the hassle. If someone gets your information in some data breach, but they realize that your password 5aoZu775xHx@tnq^kc#9 (strong password by the way) doesn't work anywhere else, it'd be more work to try to figure out your other accounts. They'll move on to easier targets.
Just don't get targeted by a nation state. Then you're screwed.
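To make the reuse problem concrete, here is an added example (not from the original newsletter, and not how any particular password manager is implemented) that audits a small constructed vault for reused or weak passwords and replaces them with unique random ones. The service names, the vault layout, and the helper names are assumptions made for illustration.

```python
import secrets
import string
from collections import defaultdict

# Constructed sample vault export: (service, username, password). Not real accounts.
SAMPLE_VAULT = [
    ("mail.example", "luis@example.com", "123456"),
    ("bank.example", "luis@example.com", "123456"),
    ("forum.example", "luis", "hunter2hunter2"),
    ("shop.example", "luis@example.com", "5aoZu775xHx@tnq^kc#9"),
    ("games.example", "luis", "hunter2hunter2"),
]
WEAK = {"123456", "password", "qwerty"}  # "123456" is from the text; the rest are constructed
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"


def find_reuse(vault):
    """Group services by password; return only passwords used on 2+ services."""
    by_password = defaultdict(list)
    for service, _user, password in vault:
        by_password[password].append(service)
    return {pw: sorted(svcs) for pw, svcs in by_password.items() if len(svcs) > 1}


def generate_password(length=20):
    """Random password from the OS CSPRNG with at least one char of each class."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(not c.isalnum() for c in pw)):
            return pw


def rotate(vault):
    """Replace every reused or weak password with a fresh unique one."""
    reused = find_reuse(vault)
    rotated = []
    for service, user, password in vault:
        if password in reused or password in WEAK:
            password = generate_password()
        rotated.append((service, user, password))
    return rotated


if __name__ == "__main__":
    for pw, services in find_reuse(SAMPLE_VAULT).items():
        print(f"reused on {len(services)} services: {', '.join(services)}")
    print("reuse after rotation:", find_reuse(rotate(SAMPLE_VAULT)))
```

After rotation, a leak of any one entry tells whoever holds it nothing about the other four, which is the whole point of letting the manager generate them.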
Further reading on the passkeys thing I mentioned: Wired, "I Stopped Using Passwords. It’s Great—and a Total Mess"
Also, Apple announced post-quantum encryption for iMessage…what!?
If you enjoyed this, share it with someone.