Hackers know half of passwords entered online, Cloudflare finds
-
This post did not contain any content.
I would do the word jumble suggested by xkcd, but so many websites require numbers, special characters, and disallow spaces that it would be impossible to remember unique passwords between those sites. Ironically I end up in a much weaker password ecosystem because I re-use the nearly-same password over and over again so I'm not constantly requesting a reset.
-
I would do the word jumble suggested by xkcd, but so many websites require numbers, special characters, and disallow spaces that it would be impossible to remember unique passwords between those sites. Ironically I end up in a much weaker password ecosystem because I re-use the nearly-same password over and over again so I'm not constantly requesting a reset.
Why not use a password manager?
-
Why not use a password manager?
BitWarden now supports passkeys and has a free 2FA app.
No excuses not to be as secure as possible anymore.
-
I wonder how much of this stems from two stupid IT policies. For decades users have been told to not write down passwords and to change them regularly. The result of this policy is to use a small number of password variations that one reuses. Then IT complaims about it.
The better plan has always been to use long random passwords that you never reuse and write them down and only change them rarely for example when they may be compromised,
I remember asking my company if they have official password management software in my job before my last job. They did not. I can't believe we have all this specific software to be used at the company but they don't put some time to identify what they want employees to use for this. Funny thing is security teams are such big deals but I think they actually don't want to get involved in case it does not work out.
-
This post did not contain any content.
I'm glad I've been using a password manager for several years now.
-
I remember asking my company if they have official password management software in my job before my last job. They did not. I can't believe we have all this specific software to be used at the company but they don't put some time to identify what they want employees to use for this. Funny thing is security teams are such big deals but I think they actually don't want to get involved in case it does not work out.
Lot of security is theater. IT doing a CYA thing.
-
Why not use a password manager?
Single point of failure and a separate entity has all of your passwords and you have to continue paying them or lose access to everything. Sounds like a terrible idea to me
-
Single point of failure and a separate entity has all of your passwords and you have to continue paying them or lose access to everything. Sounds like a terrible idea to me
There are password managers you can self host. Bitwarden being one of them. Secure it as much as you want and keep off-site encrypted backups if you're worried about a single point of failure.
-
I'm glad I've been using a password manager for several years now.
Yeah I think I've got 600 distinct logins in my bitwarden at this point, lol.
-
Why not use a password manager?
I'm split between a work pc, mobile, and home pc... It could work for 90% of cases. I never trusted a password manager though.
-
This post did not contain any content.
Always two there are. No more, no less. The one they know, and the one they don't.
-
I wonder how much of this stems from two stupid IT policies. For decades users have been told to not write down passwords and to change them regularly. The result of this policy is to use a small number of password variations that one reuses. Then IT complaims about it.
The better plan has always been to use long random passwords that you never reuse and write them down and only change them rarely for example when they may be compromised,
My workplace has finally gone to passphrases and 1 year password life, which is nice as it's a password I often need to type, so I'd rather 20 easy to type and memorise chars than 16 random
-
I'm split between a work pc, mobile, and home pc... It could work for 90% of cases. I never trusted a password manager though.
KeePass doesn't rely on any third party, and if you choose to use a third party file storage to hold your password vault, it's encrypted
-
My workplace has finally gone to passphrases and 1 year password life, which is nice as it's a password I often need to type, so I'd rather 20 easy to type and memorise chars than 16 random
The missleading thing about passphrases is that anything a human can remember is low entropy. That it has 20 charachers says nothing about how random.
-
Yeah I think I've got 600 distinct logins in my bitwarden at this point, lol.
This is a great example of how impossible it is not write down usernmes and passwords and how infeasible forcing changes is.
The other thing people do not talk about enough is usernames. They should be somewhat random too and not resued.
-
This is a great example of how impossible it is not write down usernmes and passwords and how infeasible forcing changes is.
The other thing people do not talk about enough is usernames. They should be somewhat random too and not resued.
Yep, before I switched to a password manager in college I had 3-4 passwords I would use across all accounts, and I would constantly need to recover accounts because I would forget the PW.
I actually don't remember the last time I needed to recover an account. Having a password manager has been a massive time savings for me.
-
This post did not contain any content.
-
There are password managers you can self host. Bitwarden being one of them. Secure it as much as you want and keep off-site encrypted backups if you're worried about a single point of failure.
Ah, yes, because self hosting is feasible for everyone
/s if that's not obvious
-
Ah, yes, because self hosting is feasible for everyone
/s if that's not obvious
You're right. It's better to just not use a password manager and use the same password on every site you go to.
/s if that's not obvious
-
Ah, yes, because self hosting is feasible for everyone
/s if that's not obvious
there should be a keepass+syncthing package available for normal people to use, i put keepass and syncthing on all my devices and that means I don't have to host a server while always having my password vault synced
