• Holzkohlen@feddit.de · 12 points · 1 year ago

    The only good passwords are those you don’t know yourself because they are randomly generated and all stored in your password manager of choice.

    • tilcica@lemm.ee · 3 points · 1 year ago

      depends on the password manager…

      Also, the length of the password is WAY more important than it being randomly generated, as long as it’s not in a password dictionary somewhere. I use 20+ character passphrases that I can easily remember everywhere, for instance.

      • zalgotext@sh.itjust.works · 2 points · 1 year ago

        Then you look up the random string of 36 characters once, think “why did I make this one 36 characters” as you painstakingly type it in with a TV remote, then immediately forget it as soon as you’re logged in.

  • GissaMittJobb@lemmy.ml · 4 points · 1 year ago

    Just use a password manager, then you get the benefits of having a single password to remember without the security-related downsides.

    • Mr_Dr_Oink@lemmy.world · 4 points · 1 year ago

      So all my passwords are locked behind a single password? Isn’t this essentially the same as using the same password for every site, in that they only need to crack one password to have access to everything?

      • Pfnic@feddit.ch · 3 points · 1 year ago

        In theory, yes, but if you use a good password manager and have a strong master password, the encryption should be practically impossible to break. The fact that you only have to remember one password means that this password can and should be a very strong one. 20+ characters with upper and lowercase letters, numbers and symbols should take centuries to crack.
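The two claims above (length beats randomness unless the words are in a dictionary; a 20+ character mixed-class master password takes centuries) can be checked with a small entropy and guess-time estimator. This is an added example, not code from anyone in the thread; the guess rates, the 94-character printable ASCII set and the 7776-word list size are assumptions chosen for illustration.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Assumed attacker capabilities (constructed for illustration, not from the thread):
FAST_HASH_RATE = 1e10   # guesses/s against an unsalted fast hash (e.g. a leaked SHA-1 dump)
SLOW_KDF_RATE = 1e5     # guesses/s against a tuned password-manager KDF (Argon2/PBKDF2)


def entropy_bits(choices_per_symbol: int, symbols: int) -> float:
    """Entropy of a secret whose symbols are chosen uniformly at random.

    For a character password the symbol is a character; for a passphrase built from
    a word list the symbol is a whole word, so a long passphrase of dictionary words
    gets its entropy from the word count, not from its character length.
    """
    return symbols * math.log2(choices_per_symbol)


def expected_years_to_crack(bits: float, guesses_per_second: float) -> float:
    """Expected search time: on average half the keyspace is tried before a hit."""
    return (2.0 ** bits / 2.0) / guesses_per_second / SECONDS_PER_YEAR


def compare(guesses_per_second: float) -> dict:
    """Return expected crack time in years for the password shapes discussed above."""
    candidates = {
        "36 random printable chars": entropy_bits(94, 36),
        "20 random mixed-class chars": entropy_bits(94, 20),
        "4 diceware words (7776-word list, ~20+ chars)": entropy_bits(7776, 4),
        "4 words from a 10,000-word dictionary": entropy_bits(10000, 4),
    }
    return {name: expected_years_to_crack(bits, guesses_per_second)
            for name, bits in candidates.items()}


if __name__ == "__main__":
    for rate, label in ((FAST_HASH_RATE, "fast hash"), (SLOW_KDF_RATE, "slow KDF")):
        print(f"--- attacker at {rate:.0e} guesses/s ({label}) ---")
        for name, years in compare(rate).items():
            print(f"{name:48s} {years:12.3e} years")
```

The same four-word passphrase that falls in days against a fast hash holds for centuries behind a slow KDF, which is the "good password manager" part of the claim above.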

      • baatliwala@lemmy.world · 2 points · edited · 1 year ago

        You should be safe as long as your master password isn’t small, less than 15 characters. The longer the password, the better. Personally what I do is use a pass phrase to make it easily memorable, and then use it as a base to inflate security somewhat artificially.

        Wrap the pass phrase around in brackets or symbols; mix lower/upper case; replace (or add to) a word in your pass phrase with one from a random other language, so instead of hello you type bonjour. Bonus points if you are able to replace even a few letters in your pass phrase with fancy diacritics, or fuck it add an emoji or two.

        Then again, there are a LOT of other factors which go into security. Theoretically the lyrics of a song are decent as a pass phrase, but there’s not much point if everyone knows what your favourite song is, or if you are learning Spanish then you’ll replace the English words with Spanish.

        Unless you’re in a position where you’re targeted by nations or are working extremely high profile jobs like CEO or digital security, you should be safe really with all these, but as I said there’s a lot to keep in mind.

    • Rubanski@lemm.ee · 2 up, 2 down · 1 year ago

      I never got over the fact that I somehow need to trust a piece of proprietary software to an absurdly high degree to store ALL my passwords. Is this really a good idea?

      • aicse@lemmy.world · 2 points · 1 year ago

        You can use KeePass, but you’ll have to figure out a way to have your password vault available on other devices (you can do it by using any cloud share, e.g. GDrive). This way you’ll be in charge of almost every aspect of your passwords. But you’ll have to take care of backups and keep everything in sync.

  • clanginator@lemmy.world · 0 points · edited · 1 year ago

    I came up with a formula for my passwords: as easy to remember as a single password, and it makes a unique login for every site feasible without a password manager. It can be updated as often as you like, and all you gotta do is remember the latest version of the formula. At the very least, the hashes will be different, and it’d take someone having more than two of my passwords to figure out the pattern.

    I also use over 100 email aliases with my own domain name so that my most important accounts have a separate login that isn’t a common domain that wouldn’t be easy for someone to guess.

    It would take a lot of concentrated effort for someone to get at any of my important accounts, and even my less important ones would be pretty difficult to get into even if multiple accounts are compromised, due to using a smaller pool of aliases under common domains for less important accounts.

    Someone got into half a dozen of my accounts a few years ago and I finally started taking security seriously.

  • Kedly@lemm.ee · 0 points · edited · 1 year ago

    Counterpoint: Password Manager = One point of failure

    Multiple strong passwords that have to be changed every 3 months even to sign on to your corner store rewards program, without a password manager? Guess you’re never accessing any account older than 3 months, because you’ve forgotten th3 b1lli0n$ oF s+r0ng p4s5w0rds Y0u h4Ve cr3atEd!

    • 0xD@infosec.pub · 0 points · edited · 1 year ago

      Okay and now let’s get into threat modelling and risk management.

      What is the purpose of a password manager? What are the possible threats against them, and what are those against singular passwords for services? What is the risk of each of those?

      • Kedly@lemm.ee · 0 points · 1 year ago

        Guys, before you argue with me: password security is something that EVERYONE in the 1st world has to deal with, not just tech nerds. If you need to grow up around computers or take a class for it to be a good form of security, it’s a shit form of security for the general public.

        • Comment105@lemm.ee · 0 up, 1 down · 1 year ago

          I’ve had security fatigue for years now. I’m sure most of you have. I’ve written down so many usernames and passwords and it’s still not half of what I have, and to top it off, several of the written passwords are now wrong after obligatory password changes and I don’t remember the new ones.