Comment by ๐ stack
Re: "I just entered my keychain password instead of VPN accountโฆ"
a while back I was trying to log in somewhere, but it wasn't working for some reason. I kept pounding in my password, then realized it was going straight to an open IRC window...
By then there were many giggles there.
2025-09-27 ยท 7 months ago
3 Later Comments โ
๐ท baran ยท 2025-09-28 at 00:53:
me too)
๐ฆ zzo38 ยท 2025-09-28 at 02:48:
Using hashes won't help much, but using public/private key for authentication would help (which is what happens when you use a X.509 certificate). Only accepting credentials over an encrypted connection also does not help as much, in case the server is compromised or if you connect to the wrong server and do not check that it is the right one.
๐ป eugene ยท 2025-09-28 at 07:15:
In practice, logging entered passwords in plaintext is very rare: it exposes the service to legal liabilities and usually serves no practical purpose since when they want to log in as you on their service, they can do it anyway. (On many kinds of services, this is an essential tech support feature.)
That said... what are you doing typing passwords in manually and from memory? Get a password manager.
Original Post
I just entered my keychain password instead of VPN account one. If this action potentially sent my password to the VPN logs, then they now know my IP address and credentials and able to connect me with SSH. I'm worried about connecting, and I don't want to change my credentials because of that. How many people have done the same and do not have their firewall configured properly.