I have a dedicated question regarding the duolingo website ( https://www.duolingo.com/learn) in connection with my password.
I´ve been using Duolingo for some years now.
In order to access my courses I created a dedicated account, of course. So I log in with a special password, which is connected to my Duolingo account.
Yesterday however I inadvertently did something silly: Out of clumsiness, or rather absentmindedness, I entered the password of my computer, the Linux Lite setup.
How dumb am I
Of course the password was rejected by Duolingo, as it isn´t the correct one for the Duolingo account.
I just want to know: are those failed login attempts stored either on my system or on Duolingo itself?
Need I be worried
I certainly don´t want my computer password to be stored by any website.
Most commercial systems would not keep files of wrong passwords but would only record the number of failed attempts to any given account. They do, at times keep track of a certain number of old passwords of accounts in order to ensure updated passwords are actually different from the last x-number of password(s) used.
I would agree with the last reply as failed attempts usually only trigger a count of fails, so for example 3 goes then your locked out for hour…
Exception is if using chrome or firefox and you have the password manager running, it would ask if you want to update or change your password for that site then its recorded locally in your browser.
I looked at mine this morning thinking of an answer for you and discovered some sites i had totally forgotten i had registered with. Also if you buy a new device its transfered as a file to that device on log in to your google account.
Instead of passwords, use passphrases.
Try Diceware and combine it with a password manager. I use BitWarden.
Online generator: Diceware Secure Passphrase and Password Generator
Or download the app and run it on your own computer for security.
Read the whole page for fascinating info. https://bitwarden.com/
Hi @shaktar ,
I use a modified form of passphrase.
My problem is that I dont like vaults or any other means of storing passsords in the computer…
Apart from paper, obviously with encryption, do you know of any means of keeping passwords/passphrases offline. ?
Regards
Neville
either 2 or 3 or 4 unrelated dictionary words (I have different variations of the script) - with a number and a symbol - because some systems force you to use symbols and numbers too…
Simple python script I plagiarised :
#!/usr/bin/env python3
# shamelessly stolen from https://bitbucket.org/delx/scripts/src/0ce6d4464673/passphrasegen
import random
import os
WORDS_FILENAME = os.environ.get("WORDS", "/usr/share/dict/words")
NUM_WORDS = 3
MAX_LEN = 8
MIN_LEN = 3
WORDS = open(WORDS_FILENAME)
WORDS = [word.strip().title() for word in WORDS]
WORDS = [word for word in WORDS if word.isalpha() and MIN_LEN <= len(word) <= MAX_LEN]
def generate():
random_words = [random.choice(WORDS) for _ in range(NUM_WORDS)]
random_number = random.randint(10, 100)
return "-".join(random_words + [str(random_number)])
for i in range(10):
print(generate()
That gives me 10 to choose from - I pick at the one that looks easiest to remember and type out…
I have been using KeePassXC. Encrypted database in one directory, key file in another and password remembered or elsewhere. If really keen, 2FA with security key (yubikey or similar) on NSF or USB. The software has a password generator, can store other info and seems really solid …!
@nevj as @Rosika stated, “You never stop learning.” I did not know this existed. I read up on it, put it in my Linux notebook and will be looking further into using this.
Linux continues to amaze me in the way it has tried to account for everything needed in computers.
I tried PGP / GPG recently (i.e. last 2-3 years or so) - found it incredibly cumbersome…
AGE is light years ahead of PGP (IMHO) - and much more usable - and as widely available…
(I just install it using Brew on MacOS and apt / yum on Linux)
I use it for my home “roll your own” password manager… runs everywhere I throw it on (MacOS, Linux [x86 and arm])… Haven’t tried it on Windows as I don’t have any Windows I use often enough to make it worthwhile…
When I’m not using my “roll your own” solution - I just use Keepass2 - as I have customers who use that format… and the DB files open equally well on Linux Keepass2 and Keepass for Windows… it’s not perfect - but it mostly “works”
With my own personal keepass - protect it with both a password, and a master key - requires both… Some of my customers use just the master key, and who has read access to the master keys depends on AD group membership and NTFS file permissions…
I was afraid of that. pass itself is simple, but it might be crippled by a cumbersome key system.
I dont think I can make it use something othsr than gpg.
@daniel.m.tripp ,
What do you know about moving gpg keys across distros?
Can I just copy files from ~/.gnupg to another distro?
I can share the password-store easily across distros by locating it in my common data partition.
but gpg might not like being on the data partition, and it might screw up other software.
What happens with gpg when I move to another computer?
Is that the same as changing distros? Or am I supposed
to treat it like sending a public key to someone else?
No idea - only ever tried it on one computer and found it too cumbersome to persevere… Kept using just KeePass…
Then I found age and started using that as it was a lot easier to get my head around… my password databases are now encrypted text files using age…
But I do still use Keepass as well…
Despite what I said earlier about Red Hat / RPM / YUM - I never got age to work on my RHEL8 system and don’t really need it there anyway… The github page for the project says it’s in the Fedora 33+ repos, but it’s not in the RHEL8 repos… It might be available in EPEL, haven’t checked, and the github doesn’t mention CentOS either… it was piece of cake to install in FreeBSD too (TrueNAS).
That sounds simple. Just use a text file and encrypt it .
You manage the text file with vi, and you encrypt it by hand with age. Age still needs a key… that is the only complication. How do you share the key across distros and across computers?
I use resilio sync for that… I have a separate share just for this… It also has it’s own shell scripts to decrypt on the fly - and also to unencrypt if I need to update entries… it’s probably cumbersome - but the age product is pretty simple to use, and I’m VERY compfortable with shell scripts…
By “on the fly” I mean to: STDOUT - I don’t decrypt the actual files to read them… I guess that might write something to somewhere…
I only decrypt the actual files to edit them…
The shell scripts also take into account whether they’re being run from MacOS, Linux or FreeBSD…
OK , so I can copy the keys ( and the passsord files) to anywhere. Using age would be good, because it is not used for anything else… i can just copy everything it needs.
Thanks, will be trying that.
I like simple tools… preparing for my old age.
