SecLists VS Bitwarden

https://github.com/danielmiessler/SecLists/blob/master/Usernames/xato-net-10-million-usernames.txt is not enough usernames

This reminds me of [0] where they maintain composite lists of frequently used passwords. Also in the repo is probably my favorite pull request ever [1].

[0] https://github.com/danielmiessler/SecLists

[1] https://github.com/danielmiessler/SecLists/pull/155

Maybe swagger.txt

Typical of the sorts of information a tester/attacker might be using from: Daniel Miessler's SecLists

Oh, and then you have this.

You can now also enable a rule for password dictionary. Appwrite knows what are the most common passwords, and with this rule enabled, it will not allow you users to set any of those passwords. It prevents your users from having passwords like password, 123456678, or qwertyui. Appwrite currently knows the 10,000 most commonly used passwords thanks to the same list used by other industry-leading auth providers. You can check out the dictionary list on GitHub.

Try wifite if you don’t know how to use hashcat it is pretty simple. Hashcat is pretty easy as well I am to lazy to get on my laptop right now but just get the right wordlist Seclist has a shit load of them https://github.com/danielmiessler/SecLists

Fellow rust players know the way

For passwords and 2FA I use Bitwarden in combination with a self-hosted Vaultwarden service (for imcreased security and use of pro features for free).

First it's good to use a password manager, however it's not a good idea to use the one built into your browser. I would suggest switching to BitWarden or similar (not LastPass).

I just noticed today when relogging in on Bitwarden (I couldn't sync my vault) that it said "Logged in as [email] on __$2__" instead of "Logged in as [email] on bitwarden.com". I don't know why or how that happened, and I have no idea what it means. Did I screw up somehow? Just to be clear, I did login and just after I logged in my brain realized that it said "__$2__" instead of what it should say.

bitwarden:~$ sudo ./bitwarden.sh updateself _ _ _ _ | |__ (_) |___ ____ _ _ __ __| | ___ _ __ | '_ \| | __\ \ /\ / / _` | '__/ _` |/ _ \ '_ \ | |_) | | |_ \ V V / (_| | | | (_| | __/ | | | |_.__/|_|\__| \_/\_/ \__,_|_| \__,_|\___|_| |_| Open source password management solutions Copyright 2015-2023, 8bit Solutions LLC https://bitwarden.com, https://github.com/bitwarden =================================================== bitwarden.sh version 2023.10.3 Docker version 24.0.7, build afdd53b Docker Compose version v2.21.0 Updated self. bitwarden:~$ sudo ./bitwarden.sh update _ _ _ _ | |__ (_) |___ ____ _ _ __ __| | ___ _ __ | '_ \| | __\ \ /\ / / _` | '__/ _` |/ _ \ '_ \ | |_) | | |_ \ V V / (_| | | | (_| | __/ | | | |_.__/|_|\__| \_/\_/ \__,_|_| \__,_|\___|_| |_| Open source password management solutions Copyright 2015-2023, 8bit Solutions LLC https://bitwarden.com, https://github.com/bitwarden =================================================== bitwarden.sh version 2023.10.3 Docker version 24.0.7, build afdd53b Docker Compose version v2.21.0 Update not needed bitwarden:~$

Bitwarden (version 8588): A secure and free password manager for all of your devices.

I would also recommend the use of a password manager such as Proton Pass, BitWarden or 1Password if your looking for a more premium solution.

Use a password manager if you do not already and have it generate unique passwords for every website. Bitwarden is one of the best. You should NEVER reuse passwords and should always use unique passwords. It may be inconvenient at first but a password manager like Bitwarden really does make it a whole lot more convenient. Your e-mail especially should have its own unique password. You should also use two-factor authentication on any website that offers it. If you do not have a good AV on your computers, Bitdefender and Kaspersky both offer free options. The website https://haveibeenpwned.com/ is a good place to check if your credentials have been in a data breach.