Comment by 🕷 baran

Re: "I just entered my keychain password instead of VPN account…"

In: s/privacy

me too)

🕷 baran

2025-09-28 · 7 months ago

2 Later Comments ↓

🦂 zzo38 · 2025-09-28 at 02:48:

Using hashes won't help much, but using public/private key for authentication would help (which is what happens when you use an X.509 certificate). Only accepting credentials over an encrypted connection also does not help as much, in case the server is compromised or if you connect to the wrong server and do not check that it is the right one.
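
An added example (not part of the comment above or of the original thread) that sketches the comparison it makes: what a wrong or compromised server records under each login scheme, and whether the real server later accepts that recorded material. `RealServer`, the sample password and salt, and the choice of Ed25519 from the `cryptography` package are assumptions made for illustration.

```python
import hashlib, hmac, os
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey

PASSWORD = b"constructed-sample-password"  # constructed value, not a real credential
SALT = b"constructed-salt"                 # constructed; real services use per-user random salts

def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password, SALT, 10_000)

class RealServer:
    """Hypothetical service offering three login schemes."""
    def __init__(self, password, public_key):
        self.stored = pw_hash(password)
        self.public_key = public_key
        self.challenge = None
    def login_password(self, password):      # client sends the password itself
        return hmac.compare_digest(pw_hash(password), self.stored)
    def login_client_hash(self, digest):     # client hashes first and sends the digest
        return hmac.compare_digest(digest, self.stored)
    def new_challenge(self):
        self.challenge = os.urandom(32)
        return self.challenge
    def login_signature(self, signature):    # client signs the server's fresh challenge
        challenge, self.challenge = self.challenge, None  # each challenge is single-use
        if challenge is None:
            return False
        try:
            self.public_key.verify(signature, challenge)
            return True
        except InvalidSignature:
            return False

def seen_by_wrong_server(key):
    """Everything a wrong or compromised server receives from one login per scheme."""
    return {"password": PASSWORD, "client_hash": pw_hash(PASSWORD),
            "signature": key.sign(os.urandom(32))}  # signed over that server's own challenge

def replay_against_real_server():
    key = Ed25519PrivateKey.generate()
    real = RealServer(PASSWORD, key.public_key())
    seen = seen_by_wrong_server(key)
    real.new_challenge()
    replayed = {"password": real.login_password(seen["password"]),
                "client_hash": real.login_client_hash(seen["client_hash"]),
                "signature": real.login_signature(seen["signature"])}
    genuine = real.login_signature(key.sign(real.new_challenge()))
    return replayed, genuine
```

`replay_against_real_server()` returns `({'password': True, 'client_hash': True, 'signature': False}, True)`: the recorded password and the recorded hash both log in, while the recorded signature is bound to a challenge the real server never issued.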

📻 eugene · 2025-09-28 at 07:15:

In practice, logging entered passwords in plaintext is very rare: it exposes the service to legal liabilities and usually serves no practical purpose since when they want to log in as you on their service, they can do it anyway. (On many kinds of services, this is an essential tech support feature.)

That said... what are you doing typing passwords in manually and from memory? Get a password manager.

Original Post

🌒 s/privacy

👻 ps:

I just entered my keychain password instead of VPN account one. If this action potentially sent my password to the VPN logs, then they now know my IP address and credentials and are able to connect to me with SSH. I'm worried about connecting, and I don't want to change my credentials because of that. How many people have done the same and do not have their firewall configured properly?

💬 13 comments · 2025-03-29 · 1 year ago