Can we get the forum secured?

This is what I do. My LastPass master password is in a hidden file on my Macs. I open the file and then copy and paste the LastPass master password to log into LastPass. Then I use LastPass to log into my websites. No online typing involved. Every website has a different long complicated password. If somehow someone figures out my BLF password (I say next to impossible unless BLF somehow gets hacked), all my other websites are still protected.

After 6 years of not posting on BudgetLightForum (that doesn’t mean you were not active or logged in!!) you post again and to talk about the security and not about the gazillions of beautiful, futuristic, incredible, bright, [insert more qualifying adjectives] FLASHLIGHTS that have been produced during all these years??? :stuck_out_tongue:

No can do that’s almost heresy !! :smiling_imp:

I trust SB’s maintenance and structure! :arrow_right:

Yeah, all they could do is post some nasty things here and you’d just get 1000 “rude”s…

Wut? HTTP/2 and TLS are entirely separate issues. HTTP/2 works with or without encryption.

And, I’m sorry, but whatever you’re smoking, I want some. You actually believe that encrypting all the traffic plus the overhead of key exchange and protocol negotiation actually takes less CPU than not encrypting? Is that why crypto coprocessors and SSL offloading are so popular, because encryption is free?

As far as I can tell, blf runs on lunanode. If the node size it’s currently running on is nearly maxed out, you’re out of your mind if you think adding encryption is going to reduce CPU load. And upgrading costs money.

Hmmmm !
It’s a flashlight forum …
Why would you be concerned about the FEDS / Interpol / your ISP on BLF ?
Or even some hacker ?
They’re going to find out about your latest flashlight ? and rat you out to your spouse ?

Online banking , online shopping , Feebay , and so forth . Yes HTTPS is important .
On BLF , ?/ exactly what is the nature of the threat ? / fear ?

Separate but very much related. While HTTP/2 can work with HTTP, most browsers DON’T support it in that method and only support HTTP/2 while using HTTPS.

“Although the standard itself does not require usage of encryption,[28] all major client implementations (Firefox,[29] Chrome, Safari, Opera, IE, Edge) have stated that they will only support HTTP/2 over TLS, which makes encryption de facto mandatory.” - HTTP/2 - Wikipedia

“Does HTTP/2 require encryption?…However, some implementations have stated that they will only support HTTP/2 when it is used over an encrypted connection, and currently no browser supports HTTP/2 unencrypted” - HTTP/2 Frequently Asked Questions

“With just a simple change to the server configuration, the website performs noticeably better over HTTP/2 than HTTP/1.1. The page load time dropped by over 13% thanks to fewer TCP connections, resulting in a lower time to first byte” - 2018 – Pingdom Year in Review - Pingdom

That’s a great question and one I see from many people. It’s just a flash light forum, or it’s just a personal blog, or it’s just a website about turtles… who cares.

So while some people would like for you to believe it’s very uncommon for anyone to be snooping data connections. This is absolutely the case. In fact many people do so at public wifi spots, many companies’ security devices do just that, all potentially leaking your username and password.

Even though some here in this thread have said SSL is no big deal… not one of them has posted their password.

Leaking of passwords is bad for obvious reasons. One of which is while some here are using password managers (kudos by the way!!) many people don’t and many re-use passwords. So while you’re connected to the internet and someone is snooping over that traffic (and they do, believe it or not) then that password gets out. So while it may be a flashlight forum password, for some it might just be their ebay, amazon, and bank password too.

Password sniffing is just the start of it. Without SSL, it’s much easier to intercept your web traffic and inject malicious code such as malware or cryptominer software or redirect it to another page entirely.

SSL isn’t a silver bullet that will fix every security issue, no one has said that. It’s about layers. Just like your house, you don’t just put up a door and call it a day. You probably install a lock too don’t you? You probably even lock that lock right? I’m willing to bet you might even have a flashlight nearby so when there is a noise in the night you can make light day and see what’s going on?

Layers.

The same goes for websites. SSL adds very little to a server load and if done correctly (like HTTP/2) then it can actually greatly improve the site performance. The owner could also use a free service like Cloudflare to provide the HTTPS (zero impact on the server at that point) and allows for even more features such as content delivery network, DDoS protection and more. Again all for FREE.

Hey, Mr. 13 posts, it might surprise you that SBD knows his SSH (IT) and doesn’t need a lecture from a know-nothing.

And is the one providing this fabulous resource to all of us (I don’t know quite how, maybe he’ll tell me one day in a PM).

Don’t knock stuff that you just don’t understand.

And be aware that everything could just be switched-off, all history erased, in a blink, (apart from the Wayback Machine) without very dedicated support from a good person.

Cool. Sounds like something I should do too. Thank you atbglenn.

Yep, that be me. Never got the time to get into that hobby, but it still interests me.

I don’t trust LastPass, so here’s what I do:

I use long, untypable, generated passwords for everything, stored in keepass (I use keepassxc and keepass2android). Then in browsers, I use the keepasstusk plugin to fill in login forms.

My encrypted keepass database is currently stored on dropbox, but that will transition to syncthing soon, since dropbox will likely drop linux support, and I don’t want to depend on them.

Interesting :

Probably why you use different passwords for different levels of security …
Soft passwords for soft sites , and as the need increases so does the password .
Probably a great reminder for me to consolidate and change passwords for various sites across the net .
Pays to do it from time to time .

Hmm I’m concerned that you’re frequently loading your master password into your presumably unencrypted clipboard on your computer, where a virus of some sort could snatch it. This may be crazy talk, but who knows man.

I use LastPass as well, but I memorized my master password, it’s only about 25 or so characters, so fairly easy if you toss a few uncommon words in there. Maybe that’s a bit overzealous, but eh, it works and I can type it quickly. Don’t forget 2fa as well. I usually only have that turned on for my linchpin sites, like LastPass and Gmail.

Of course this is just my experience/opinion :wink:

… beliefs, root beliefs.

There's one well-known site here which more or less recently switched to https, and I have witnessed how it has become less snappy, particularly much less snappy when loading the battery comparators. Prior to https there was no discernible lag when loading them, but now they feel more like clung to a heavy anchor. Pretty sure Henrik's site/server has nowhere near the same amount of traffic this one has, and look at the consequences.

G00gl€ is not what it used to be. Or maybe should I say they climbed to the top with half truths, and continue to be there with their half-arsed truths?

Their search engine was powerful and way less biased (if at all) than what is now. Many many years ago it was much easier to find relevant results on specific searches, because it ran a pure logic based engine. By default now it is a dumbass spelling corrected advertisement and media party pile of shite, and buttloads of times I find myself in the need to enclose my search terms between quotation marks, which is a pain. And even if I use quotation marks and search operators the number of relevant hits is nowhere close to what it used to. With the coming of the “internet for everyone” lots of previously homeless digitals are now using computers, and G00gl€ is milking the cows and spreading misinformation. In G00gl€'s advocacy, I'm sure they're trying to serve all those morons previously homeless digitals the best they can, and reaping the rewards. For example, smartphones are fully-fledged computers with certain stock limitations which can be removed by installing custom roms and rooting them, though of course you may have heard how bad that is. That is misinformation.

Cheers :-)

P.S.: The above said about G00gl€ is of course because G00gl€ is the main promoting bullying power behind the “https everywhere” thing.

Tue, 10/23/2018 - 07:57. Tue, 10/23/2018 - 14:44.

Thank you! So I’m not the only one. So annoying. I tried switching to DuckDuckGo for a time specifically because of Google’s annoying penchant for simply ignoring my search terms, but I switched back to Google because DuckDuckGo does it too. So as you said, I generally find myself habitually “putting” “all” “search” “terms” “between” “quotation marks”.

Not only that , but many use as wide a parameter for TAGS … For search engines to hit on . ( Is tags the right word )

So if you search for Large Cylindrical Battery …

The first word is LARGE …
So a search engine may throw up a whole bunch of results with the word LARGE …
Also , many pay for optimisation !
So when you search for something , the stuff up front is from people who paid to be there .
And then after that comes other criteria …
So yeah , it has become harder to find stuff unless you know exactly what you are looking for - Word for Word …
And let’s not forget censorship , many web sites may be blocked from your search results .

Duck Duck Go was good a while back , but recently ?
Google it , youtube it ,

The whole search engine thing has changed a lot in the last ten years. And let's not speak of the search engines found in e-shops like Banggood and others, they're }( pathetic. Lots of stuff seems to have dropped to the lowest common denominator, which is bad. This is the result of mankind's subconscious and unconscious issues.

Where does the money to run search engines come from?

Who and why is deciding what to search, what not and what to censor?

Somehow we need to step away from the free stuff thing because search engines are not free, and with this behaviour people are letting themselves be bombarded with mass and even false advertising while at the same time receiving shitty biased search services. Applications also are not free. This does not mean they're expensive either, there's really wonderful stuff at the right price.

I'd advocate for means to finance a no unnecessary censorship logic based search engine to map the actual internet. Nowadays' experience is lacking.

Cheers :-)

I’ve always found YaCy (decentralized P2P federated internet search) to be an intriguing idea, maybe run it on a VPS. But I’ve never had enough motivation to actually set it up.

Here in Oz ISPs are required to filter stuff now . Much like China filters the Internet .
So the words you use for your search may be filtered .

So depending on where you live , ?
Lots and lots of banned web sites now , simply can’t visit them anymore because they are politically incorrect or don’t measure up to new doctrine .
I expect it will only get worse as time goes on and super Nanny gets even more Anal .
Won’t be long before Radio Control Forums are banned because of Drones ….

Three words: V, P, N.

NordVPN, Private Internet Access, whatever, sign up, and be free!

Tell the pollies to rack off…

TOR …… :slight_smile:
Yeah , I use VPN with Firefox when I want unfiltered results or visit politically incorrect forums / websites . ( Not talking Porn here ) - Torrents .
Music / video / toons / 3D printing / DIY / History / alt tech / alt History /

A lot of this stuff is still on youtube , but for how long .

TOR is definitely bad for torrents. TMI, just goggle why…

A VPN and “private browsing” is often the best combo, doesn’t matter what or why.

When I start seeing goggle results for amazon.uk, I know my vpn picked a UK server at random. Also, some places like AX will query you to make sure you are whom you claim to be if suddenly you’re trying to dial in from halfway around the globe. GB all of a sudden thinks I’m Portuguese, and so on…

Other than little quirks like that (which show that it’s working), it’s the best way to go.