I'm not saying that I don't use a password manager. On the contrary, it's because I use too many complex passwords that I rely on it more (Image)

(Quote)

hard to believe anyone would not be using a password manager in 2025. many open-source or cheap commercial options. 1Password is like $30-40/year I think.

With all the talk about data breaches and online scams, I've found myself adopting a few simple, almost reflexive habits to try and stay a bit safer online. Nothing super technical, just little things

(Quote)

- wait the upcoming (tombstone reanimation) and rotate all password and keys

Very unlikely (I also checked earlier), because I installed from an ISO and didn't use any password that Virtualizor may have saved for me

So basically they had his password or access to his data. The learning: if you're down, stay quiet!

(Quote)

they even shared this website's Wordpress admin password

We've spun up a non TLS/SSL FTP on port 8231 on us1 for those that want to test.

Do you have 2FA enabled? it kicking back a 401 means the login/password is bad, or that you have 2FA I guess.

We've spun up a non TLS/SSL FTP on port 8231 on us1 for those that want to test.

The post was about cpanel, and its working fine.. i dont have da hosting..

* CloudLinux + cPanel

No you're not wrong hetzner by default does this they ask after ssh to change the password it's forced.

Doesn't work. Most humans are lazy (I hope I am wrong but here we are). I prefer doing passwd -e root as it actually enforces password change policy. Below is a snippet from man passwd:

Thing is i would just send out an email with the password and ask in the email to change immediately the password or at least don't save the initial password in the database (not sure if virtualizor d

(Quote)

Technically speaking, VirtFusion does also in email log. Thus I highly recommend to enforce a policy of password reset on first login for all providers seeing this.