What kind of border device are you envisioning? Are we talking about literally anything down to a LinkSys WRT3200ACM running OpenWRT, or do you want to monitor more pro devices such as a dedicated server running OpenBSD+OPNsense?
It's a weird coincidence that the Chinese hacker group name is "Volt Typhoon" and Microsoft discovers malware in Guam. And today Guam gets hit by a typhoon.
NoVault is a password utility that derives new unique passwords on the fly. Your team can use the same password for different resources. A resource can be a domain (example.com) or any string value. This combination allows you to create secure passwords that aren't centrally stored. NoVault means no attack surface. Everything happens in your browser, nothing is sent to any server.
> gokey is a password manager, which does not require a password vault. Instead of storing your passwords in a vault it derives your password on the fly from your master password and supplied realm string (for example, resource URL). This way you do not have to manage, backup or sync your password vault (or trust its management to a third party) as your passwords are available immediately anywhere.
Instead of having to install a binary on your computer I thought it would be nice to have a web-based utility. Everything is done in your browser, so nothing is sent to any other servers to process the request.
I'm definitely open to criticism, feedback, suggestions, etc..
Thank you for your feedback! You're right, you can do this with any web server, but that is difficult for some people to implement. I'm not saying people shouldn't learn, and do difficult things to protect their websites, but starting with the Cloudflare Firewall is a step in the right direction.
What are the odds you can guess the IP address of my server? They're pretty slim I think. Also, if I use Cloudflare's Authenticated Origin Pulls, my web server won't respond to your request if you managed to find my IP.
Also, I'm not saying you shouldn't take other security measures, like having a secure password, use mod_security, etc. The intent of using these firewall rules are to prevent login attempts, or at least reduce the number of login attempts to your WP site.
Moreover, if I were to use Cloudflare Argo Tunnel, then it would mean my server is not directly accessible on the internet.
reply