Key Management – Where and how are SNMP v3 passwords stored on the agent?

In terms of security, SNMP v3 improves on v2 by using users to retrieve agents or agents that send trap data to the management system. But what if the agent is compromised? Can the attacker retrieve the password of the user used for SNMP data transfer? As far as I know, the user / password credentials for SNMP v3 are stored on the agent, so my question is:
Where and how are SNMP v3 user and password credentials stored on the agent (on different operating systems, with SNMP agents most commonly implemented, such as net-snmp on Linux, Windows, Cisco iOS, etc.)?

Was I being pwned – is this a rational use of the list of pwned passwords?

I've heard more and more that the list of stored passwords is a good way to check if a password is strong enough to use it or not.

That confuses me. I understand that the list of protected entries comes from accounts that have been compromised, either because they were stored in plain text, with a weak cipher, or for some other reason. That seems to me to have little to do with password security. There could be very strong passwords that were stored in plain text and thus compromised, and their use would be really good unless used in combination with the original email / username. The fact that their hashes are known (well, the hash of a particular password is known!) Does not matter if the place where you store them is salted. Although it really does not hurt to exclude these passwords, a hacker might start with this list if he practices brute force, and it's easy to choose another one.

But the opposite is true for me: it will always be very easy to crack passwords that are not on the list. "longishpassword" did not have an account with this password hit by a leak at this time. However, this does not mean that this password would be safe if a leak of hashes occurred. It would be very easy to break.

What is the reason that a password (without e-mail / username) is matched to the "mustibeenpwned" list to determine if it is suitable for use? Is this a good use of the list or is it wrong?

Move passwords stored in Chrome to a bold browser

Is it in any way possible to transfer Chrome passwords to another Chrome-based browser, such as Google Chrome? B. Brave to replicate? I have rooted the device. I tried to copy the login data file from the Chrome data folder to the bold data directory. but it did not choose courageously. And there's no way to import CSV passwords into a bold browser.

Desktop version of brave browser have option to import password CSV, and I have done that, but there is no option to sync passwords between desktop and Android browsers.

Save passwords in a text file … is it really much worse than a password manager?

My idea:

Store my passwords in a text file located in Dropbox and accessed through a Python script to quickly get the password for the site I want to access.

My motives:

I want to be as platform-independent as possible (currently my passwords are stored in Safari's built-in password manager). I also do not want to use third party services, either for free or otherwise, just to store my passwords. I try to be as minimalistic as possible, even in my online life.

My reasoning:

First, all of my core services' passwords (Gmail, Apple ID, Bank, Dropbox) are long, random, and are stored offline only in my brain. So it's not like I'm developing a system that has to keep my most valuable asset. The text file would only contain passwords for less important websites and services. The worst thing that could happen if someone gets access to the text file is that it puts stupid questions online under my name: D … something that I do not think professional hackers usually do.

To access the passwords text file, you need to go into my Dropbox (which is protected by a strong password and two-factor authentication) and into my Mac (which is protected by a strong password). or access my hard drive (which is encrypted with FileVault).

If someone breaks into my Mac, they still have access to the passwords stored in Safari. Soooo … what am I missing?

PS: Keep in mind that I know nothing about cybersecurity, encryption, or anything like that. I'm not looking for a technical answer that I could not understand. Many Thanks.

Web Application – Is LocalStorage safe enough to store passwords in web browsers?

Currently, I have a system where users can enter an email address and password in my login page. When you then click the register button, this data is stored in LocalStorage before the user is redirected to the login page.

The login page then checks the LocalStorage and automatically populates the email and password from the previous page.

My question is how safe is LocalStorage for storing this type of data? Saving RAW passwords in this way seems like a bad idea. Apart from that, everything is local to the user device. It is not sent to a server or anything, so the likelihood of an attack is reduced.

I also thought about deleting the item from LocalStorage after getting it from the login page. Which one would make it safer?

How safe is LocalStorage for storing RAW passwords and this kind of data?

macos – Password can not be reset because none of the last n passwords are required

I recently added a few rules that use pwpolicy. When restarting the Mac, password reset was requested after entering the current password. However, I can not meet the requirements that do not match the last 3 passwords.

The Mac used to have no password policies, so I think it probably fails because it does not have old passwords.

Does anyone know a solution for this?

Authentication – Set passwords for domain users whose expiration is not expiring and does not allow their modification

There are two massive disadvantages: assignment and liability. Although that is for now A reality in your business does not mean it should go on.

All that is required is that someone with password access to another person's account should be negligent or malicious, and you must change this policy immediately. They have no idea, or even a reasonable understanding, of who did the negligent or malicious thing, and it is enough for a user to say, "I was not – it must have been somebody in IT."

As you suspect, in your current reality, selecting passwords for your users should make your passwords stronger against external threats to those accounts. But for the inner threat You have a gaping risk,