
Dan Q found GC5GFNB DG – Linie

This checkin to GC5GFNB DG - Linie reflects a geocaching.com log entry. See more of Dan's cache logs.

The second spectacular cache I’ve found from this CO. Absolutely amazing. Coordinates got me close, but it was only when I started looking around that I spotted something that didn’t look quite right and found the cache. Amazing work, FP awarded.

Dan, wearing a grey hoodie, stands in front of a highly-decorated industrial chimney stack.


Dan Q found GC5DC7H Friedensbrücke

This checkin to GC5DC7H Friedensbrücke reflects a geocaching.com log entry. See more of Dan's cache logs.

Superb cache, my favourite in Vienna so far. Love the design; I might try to make one like this back in Oxfordshire, UK upon my return! FP awarded.

Coordinates put me exactly where I needed to be. Fortunately I had exactly what I needed to retrieve the cache: it’s something I always carry when I’m caching anyway!

TFTC!

Dan Q found GCM8CB Urania

This checkin to GCM8CB Urania reflects a geocaching.com log entry. See more of Dan's cache logs.

I’ve been in Vienna for a week to meet work colleagues, and today – our meetings at an end and still with a few hours before my plane leaves – I decided to come out and find some local geocaches.

At the GZ there were lots of good hiding places so I reached over and around. In a few seconds my fingers touched the cache. Great!

But then – disaster! As others have observed, the magnets in this cache aren’t the strongest and it bounced free. It fell a long, long way! I rushed across the road and down to the lower level to grab it. Luckily the cache container was unharmed, so I signed the log as I carried it back up to its hiding place. What an adventure!

FP awarded for the cool container and hiding place, and for the fun story you helped me tell. Greetings from Oxfordshire, UK. TFTC!

Dan, wearing a grey hoodie and a purple "Woo" hat, holds a black puck-shaped geocache. Behind him, a concrete bridge support pillar is decorated with colourful graffiti.


Dan Q found GC97PZV 1 BH

This checkin to GC97PZV 1 BH reflects a geocaching.com log entry. See more of Dan's cache logs.

Finishing my morning walk where, perhaps, I should have started it with the first cache in this enjoyable series. Took a while for a good GPSr fix and I walked up and down the path a few times before spotting the container. But then – disaster – this replaced cache has a brand new log book… and I’ve dropped my caching pencil somewhere between the last cache and this one. Unable to sign log, but hopefully attached picture showing CO’s replacement message will suffice.

TFTC, and the series in general. So glad to be able to take this lovely walk from Fairlawns this year. FP awarded here for the series in general.

Fresh geocaching log book with a message stating that it's a replacement, added January 2023, held in a hand.


Dan Q found GC97WPR 7 BH

This checkin to GC97WPR 7 BH reflects a geocaching.com log entry. See more of Dan's cache logs.

Distracted by the cattle eating their breakfast and the increasingly beautiful sunrise, almost forgot to look for this cache. Read the hint but still didn’t have a clue until I spotted something out-of-place in a field. Sure enough, it was the cache. Nice hide! TFTC.

A group of brown-and-white cattle eat hay from a feeder in a grassy field, sandwiched between two shipping containers which seem to act as a makeshift shelter.

This expedition also sees me using StreetComplete to update OpenStreetMap metadata. Here, I got to correct the “stile” to a “kissing gate”. Fun!

A deep red sunrise behind some power lines, over a green field and a shadowy hill.


Dan Q found GC97WPC 6 BH

This checkin to GC97WPC 6 BH reflects a geocaching.com log entry. See more of Dan's cache logs.

Sunrise taking off in earnest now with reds and pinks on the horizon, and my spine – unhappy after sleeping in an unfamiliar bed last night – is enjoying getting a stretch from the walk, too. Stared right at this cache for a moment thinking “well that’s where I would hide it, but would the CO” before reaching to check and, yup, putting my hand right on it. Now on through the cattle field!

A red, pink and grey sunrise behind power lines and bare trees.


Dan Q found GC97WP6 5 BH

This checkin to GC97WP6 5 BH reflects a geocaching.com log entry. See more of Dan's cache logs.

I can see why the previous log moved this cache; pleased to see it’s in a good hiding place on the other side. Also pleased this wasn’t another nano! Light’s grown enough now to add a smiley selfie from the path. Greetings from Oxfordshire, and TFTC!

Dan, wearing a grey hoodie, waves to the camera from a dry wintery footpath.


Dan Q found GC97WN0 4 BH

This checkin to GC97WN0 4 BH reflects a geocaching.com log entry. See more of Dan's cache logs.

Got carried away with my walk and briefly overshot this one: realised as I reached the quarry road. Turned back and found the cache in the third place I looked. Said hi to a rabbit and the horses, up and foraging for their breakfast in the early light, before moving on.

Dan Q found GC97WKD 2 BH

This checkin to GC97WKD 2 BH reflects a geocaching.com log entry. See more of Dan's cache logs.

A nonprofit I volunteer with held our Christmas bash at the nearby Fairlawns Hotel years ago. We haven’t been in several years and – even though we missed Christmas itself by a full month! – decided to return here this year.

I’m often an early riser, especially when away from home, and enjoy making the most of the first light with a walk. Last time I was here there wasn’t a geocache in sight, so imagine my delight to find that now there’s one right on the doorstep! Armed with a torch to fight off the remaining pre-dawn darkness, I braved the cold and came out to explore.

Found the obvious hiding spot quickly, but my sore back (Fairlawns’ mattress was somewhat softer than I enjoy!) made retrieval challenging! Still, a success once I was on my hands and knees! TFTC, and Merry Christmas I guess!

Keeping 2FA Secrets in a Password Safe?

The two most important things you can do to protect your online accounts remain to (a) use a different password, ideally a randomly-generated one, for every service, and (b) enable two-factor authentication (2FA) where it’s available.

If you’re not already doing that, go do that. A password manager like 1Password, Bitwarden, or LastPass will help (although be aware that the latter’s had some security issues lately, as I’ve mentioned).

Diagram showing a password safe on a desktop computer being used to fill the username and password parts of a login form, and a mobile phone providing the information for the second factor.
For many people, authentication looks like this: put in a username and password from a password safe (or their brain), and a second factor from their phone.

I promised back in 2018 to talk about what this kind of authentication usually1 looks like for me, because my approach is a little different:

Diagram showing a password safe on a desktop computer being used to fill the username, password, AND second factor parts of the form.
My password manager fills the username, password, and second factor parts of most login forms for me. It feels pretty magical.

I simply press my magic key combination, (re-)authenticate with my password safe if necessary, and then it does the rest. Including, thanks to some light scripting/hackery, many authentication flows that span multiple pages and even ones that ask for randomly-selected characters from a secret word or similar2.

Animated GIF showing a login form requesting a username, password, and "Google Authenticator Code". An auto-typer fills all three fields with the username "2fa-autotype-demo", a long password, and the code 676032. The "Remember Me" checkbox is left unticked.
I love having long passwords and 2FA enabled. But I also love being able to log in with the convenience of a master password and my fingerprint.

My approach isn’t without its controversies. The argument against it broadly comes down to this:

Storing the username, password, and the means to provide an authentication code in the same place means that you’re no longer providing a second factor. It’s no longer e.g. “something you have” and “something you know”, but just “something you have”. Therefore, this is equivalent to using only a username and password and not enabling 2FA at all.

I disagree with this argument. I provide two counter-arguments:

1. For most people, they’re already simplifying down to “something you have” by running the authenticator software on the same device, protected in the same way, as their password safe: it’s their mobile phone! If your phone can be snatched while unlocked, or if your password safe and authenticator are protected by the same biometrics3, an attacker with access to your mobile phone already has everything.

Repeat of the diagram in which a PC provides all authentication, except the PC has been replaced with a phone.
If your argument about whether it counts as multifactor is based on how many devices are involved, this common pattern also isn’t multifactor.

2. Even if we do accept that this is fewer factors, it doesn’t completely undermine the value of time-based second factor codes4. Time-based codes have an important role in protecting you from authentication replay!

For instance: if you use a device for which the Internet connection is insecure, or where there’s a keylogger installed, or where somebody’s shoulder-surfing and can see what you type… the most they can get is your username, password, and a code that will stop working in 30 seconds5. That’s still a huge improvement on a basic username/password-based system.6

Note that I wouldn’t use this approach if I were using a cloud-based password safe like those I linked in the first paragraph! For me personally: storing usernames, passwords, and 2FA authentication keys together on somebody else’s hardware feels like too much of a risk.

But my password manager of choice is KeePassXC/KeePassDX, to which I migrated after I realised that the plugins I was using in vanilla KeePass were provided as standard functionality in those forks. I keep the master copy of my password database encrypted on a pendrive that attaches to my wallet, and I use Syncthing to push secondary copies to a couple of other bits of hardware I control, such as my phone. Cloud-based password safes have their place and they’re extremely accessible to people new to password managers or who need organisational “sharing” features, but they’re not the right tool for me.

As always: do your own risk assessment and decide what’s right for you. But from my experience I can say this: seamless, secure logins feel magical, and don’t have to require an unacceptable security trade-off.

Footnotes

1 Not all authentication looks like this, for me, because some kinds of 2FA can’t be provided by my password safe. Some service providers “push” verification checks to an app, for example. Others use proprietary TOTP-based second factor systems (I’m looking at you, banks!). And some, of course, insist on proven-to-be-terrible solutions like email and SMS-based 2FA.

2 Note: asking for a username, password, and something that’s basically another-password is not true multifactor authentication (I’m looking at you again, banks!), but it’s still potentially useful for organisations that need to authenticate you by multiple media (e.g. online and by telephone), because it can be used to help restrict access to secrets by staff members. Important, but not the same thing: you should still demand 2FA.

3 Biometric security uses your body, not your mind, and so is still usable even if you’re asleep, dead, uncooperative, or if an attacker simply removes and retains the body part that is to be scanned. Eww.

4 TOTP is a very popular mechanism: you’ve probably used it. You get a QR code to scan into the authenticator app on your device (or multiple devices, for redundancy), and it comes up with a different 6-digit code every 30 seconds or so.

5 Strictly, a TOTP code is likely to work for a few minutes, on account of servers allowing for drift between your clock and theirs. But it’s still a short window.

6 It doesn’t protect you if an attacker manages to acquire a dump of the usernames, inadequately-hashed passwords, and 2FA configuration from the server itself, of course, where other forms of 2FA (e.g. certificate-based) might, but protecting servers from bad actors is a whole separate essay.
