• Holzkohlen@feddit.de
    1 year ago

    The only good passwords are those you don’t know yourself because they are randomly generated and all stored in your password manager of choice.

  • Kedly@lemm.ee
    1 year ago

    Counterpoint: Password Manager = One point of failure

    Multiple Strong Passwords that have to be changed every 3 months even to sign on to your cornerstore rewards program without a password manager? Guess you’re never accessing any account older than 3 months because you’ve forgotten th3 b1lli0n$ oF s+r0ng p4s5w0rds Y0u h4Ve cr3atEd!

    • 0xD@infosec.pub
      1 year ago

      Okay and now let’s get into threat modelling and risk management.

      What is the purpose of a password manager? What are the possible threats against them, and what are those against singular passwords for services? What is the risk of each of those?

      • Kedly@lemm.ee
        1 year ago

        Guys, before you argue with me, password security is something that EVERYONE in the 1st world has to deal with, not just tech nerds. If you need to grow up around computers or take a class for it to be a good form of security, it's a shit form of security for the general public.

        • Comment105@lemm.ee
          1 year ago

          I’ve had security fatigue for years now. I’m sure most of you have. I’ve written down so many usernames and passwords and it’s still not half of what I have, and to top it off, several of the written passwords are now wrong after obligatory password changes and I don’t remember the new ones.

  • clanginator@lemmy.world
    1 year ago

    I came up with a formula for my passwords - as easy to remember as a single password and makes a unique login for every site feasible without a password manager. Can be updated as often as you like and all you gotta do is remember the latest version of the formula. At the very least, the hashes will be different and it’d take someone having more than two of my passwords to figure out the pattern.

    I also use over 100 email aliases with my own domain name so that my most important accounts have a separate login that isn’t a common domain that wouldn’t be easy for someone to guess.

    It would take a lot of concentrated effort for someone to get at any of my important accounts, and even my less important ones would be pretty difficult to get into even if multiple accounts are compromised, due to using a smaller pool of aliases under common domains for less important accounts.

    Someone got into half a dozen of my accounts a few years ago and I finally started taking security seriously.