
Limiting Facebook and Google activities to specific Firefox containers

One of Mozilla Firefox’s best features is the ability to use multiple logins on a specific website at the same time, using the Multi-Account Containers feature. This feature has been available as an extension for Firefox on the desktop since Firefox 57.0 (Firefox Quantum).
Cookies are confined to color-coded tabs within the same browser session, allowing one to use multiple logins of a particular website at the same time. You can learn more on how this feature works here.

I recently came across two plugins that take this feature even further, making it very useful. Meet Facebook Container and Google Container.
The Facebook container is made by Mozilla, while the Google container is a fork by another developer.
When you activate these extensions in your Firefox browser, your Facebook and Google cookies are deleted. The next time you visit Google or Facebook, the respective content will open in a tab that is contained within this container.

A Facebook link contained within the Facebook container on Firefox Quantum

This means Facebook and Google will no longer be able to read your activities on other websites. You can safely continue to browse other websites that you need, as usual, and these tabs will open in your regular container.

Only Facebook and Google sites will load in their specific containers.
Even better, these extensions do not apply only to the facebook.com and google.com domains.

I read the code a bit, and it looks like most Facebook-owned domains are listed, including WhatsApp and Instagram.

Likewise, blogspot domains are contained within the Google container.
It should be possible to extend this code to other domains that Facebook and Google own as well, or to fork the original Mozilla code for Facebook Container and write your own extension.
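The domain-list routing described above, as an added example that is not code from Facebook Container or the Google fork: it decides which container a URL belongs to and shows how a list can be extended. The table contents and the function names (`hostMatches`, `containerFor`, `withExtraDomain`) are assumptions made for illustration.

```javascript
// Added illustration, not code from Facebook Container or its Google fork.
// CONTAINER_DOMAINS is a constructed sample list; the real extensions ship their own.
const CONTAINER_DOMAINS = {
  facebook: ["facebook.com", "instagram.com", "whatsapp.com"],
  google: ["google.com", "blogspot.com"],
};

// True when host is the listed domain itself or a subdomain of it.
// Comparing on a label boundary keeps "notfacebook.com" and
// "facebook.com.example.net" out of the container.
function hostMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Returns the container name for a URL, or null for the regular container.
function containerFor(rawUrl, table = CONTAINER_DOMAINS) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return null; // not a parseable URL
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  // URL parsing lowercases the hostname; also drop a trailing dot ("facebook.com.").
  const host = url.hostname.replace(/\.$/, "");
  for (const [container, domains] of Object.entries(table)) {
    if (domains.some((d) => hostMatches(host, d))) return container;
  }
  return null;
}

// Returns a copy of the table with one more domain assigned to a container.
function withExtraDomain(table, container, domain) {
  const current = table[container] || [];
  return { ...table, [container]: [...current, domain.toLowerCase()] };
}
```

Matching on the parsed hostname rather than on the raw URL string is what keeps a URL such as `https://facebook.com@example.net/` in the regular container.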


1Password is offering a 6-month trial if you haven't signed up yet

I came across a deal today that’s offering a 1Password trial for 6 months. I am not quite sure if this has been around since 2017, or even before that, but the good thing is that 1Password is actively promoting it and is encouraging new users to use that deal. Link here if you want to sign up without reading any further.
1Password has been my favorite choice of password manager these days. I have tried LastPass in the past, and have been using 1Password since April. I haven’t tried any other password managers so far. I am happy enough with 1Password’s UI and customer support that I haven’t had a reason to move away.
Some of my favorite things about 1Password:

  • The 2FA detector is a bit broken, but one can fix broken items by adding the 2fa tag to them. 🔐
  • I am not a huge fan of the other browser extensions as they are not consistent. 1Password X aims to offer consistency in the UI. I wish 1Password X were available for Brave and Tor soon. 🌏

Related: Compare your 1Password passwords with haveibeenpwned.com list fast
If you haven’t signed up for 1Password yet, you should. The 6-month trial is a steal, and online security matters.


Compare your 1Password passwords with haveibeenpwned.com list fast

I stumbled upon this thread earlier today on the 1Password forums, and I should definitely agree with what Brenty said. It’s an excellent script to quickly check your 1Password passwords list against haveibeenpwned.com’s compromised passwords database!


If you are a 1Password user, you should have noticed that the 1Password 7 app on Mac and Windows has a new feature/section called Vulnerable Passwords that ensures that a password in your 1Password list is not one that was compromised in a data breach.
This GUI app is handy, but it’s challenging to check the status of each password.
That’s where this script helps.

  • Get the 1Password CLI app and set it up.
  • Get jq. If you are on a Mac, the Homebrew command is: brew install jq
  • Download this script .zip file, extract it, enter that folder in a terminal and run ./1passwordpwnedcheck.sh to perform the test. You will be asked to sign in to your 1Password account if you are not signed in at that time.

Do note that the 1Password CLI app logs you out every 30 minutes. This is explained on the 1Password CLI setup page: “Session tokens expire after 30 minutes of inactivity, after which you’ll need to sign in again.”
Here is the script, in case you want to copy it from here:

#!/bin/bash
########################################################################################
# 1passwordpwnedcheck.sh - script to check 1password entries against known compromised
# passwords from haveibeenpwned.com
#
# Requirements:
# 1password CLI tool - https://app-updates.agilebits.com/product_history/CLI
# jq json parser - https://stedolan.github.io/jq/
#
# Resources:
# https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/
# https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/
# https://gist.github.com/IcyApril/56c3fdacb3a640f37c245e5813b98b99
########################################################################################
echo "Checking 1Password items against haveibeenpwned.com password list."
echo "Be patient, this might take a while."

pwnd_count=0

# Print the title of the item with the given UUID.
_gettitle(){
  op get item "${1}" | jq -r '.overview.title?'
}

# Check one password ($1) belonging to the item with UUID $2.
# Only the first five characters of the SHA-1 hash are sent to the API
# (k-anonymity); the returned hash suffixes are compared locally.
_checkhash(){
  local hash upperCase prefix response line lineOriginal title
  # printf avoids echo's option and backslash handling. awk keeps the last
  # field because some openssl versions print a "(stdin)= " label first.
  hash="$(printf '%s' "${1}" | openssl sha1 | awk '{print $NF}')"
  upperCase="$(echo "$hash" | tr '[:lower:]' '[:upper:]')"
  prefix="${upperCase:0:5}"
  response=$(curl -s "https://api.pwnedpasswords.com/range/$prefix")
  # Each response line is SUFFIX:COUNT; prefix + suffix is the full 40-char hash.
  while read -r line; do
    lineOriginal="$prefix$line"
    if [ "${lineOriginal:0:40}" == "$upperCase" ]; then
      title=$(_gettitle "${2}")
      echo "Oh no! $title password pwned! You should probably change that one."
      (( pwnd_count += 1 ))
    fi
  done <<< "$response"
}

item_uuids=$(op list items | jq -c -r '.[].uuid')
for uuid in ${item_uuids}; do
  password=$(op get item "$uuid" | jq -r '.details.fields[] | select(.designation == "password")|.value?' 2> /dev/null)
  # Skip items that have no password field instead of hashing an empty string.
  [ -z "$password" ] && continue
  _checkhash "$password" "$uuid"
done

if [ "$pwnd_count" -eq 0 ]; then
  echo "Good news! No pwnd passwords found!"
else
  echo "Done. You have $pwnd_count passwords that need changing."
fi
exit 0


If you are traveling abroad, enable 2FA for your internet accounts now!

One of my friends is leaving for Finland tonight, and I encouraged him to enable 2-step verification (2FA, two-factor authentication) for all his online accounts as soon as possible.

He’s moving to a new country and is going to log in from new IP addresses, and there’s a fair chance that a service would block his attempts to log in, primarily for his account’s security.

An SMS is going to be sent to his mobile number, only for him to find that he cannot use it, because he does not have access to that mobile number in a foreign country.

That’s when tools like Authy, Duo and Google Authenticator come in handy. One can set up 2-step verification for any TOTP-based 2-step verification process and carry the codes securely using the Authy apps for Android, iOS or Google Chrome.

Learn what 2-step verification is, and how to set up Authy for common accounts, in this post I wrote.