this post was submitted on 14 Jul 2023
1151 points (92.2% liked)

We've all been there.

[–] [email protected] 23 points 1 year ago* (last edited 1 year ago) (3 children)

Because it's much more fun to come up with passphrases like Correct Battery Horse Staple.

[–] [email protected] 13 points 1 year ago (1 children)

It's a lot easier to remember that than #@?Zk23!nPw

[–] [email protected] 2 points 1 year ago (1 children)

You are not supposed to have to remember anything but your master password. :)

[–] [email protected] -2 points 1 year ago (1 children)

I'd rather try and remember than have a single point of failure for all my accounts' security.

If the passwords are stored offline then I can't get at them if I'm away from where they're stored. If they're stored online they're not secure.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (1 children)

Some are online, but encrypted, with options to export the passwords in case the service goes down.

"Why should I trust them?"

Well, the software is open source, and regularly audited by people using it. Many password managers, such as Bitwarden (not sponsored, although I'd like to get a sponsorship), use end-to-end encryption to secure the passwords so someone hacking the servers or a rogue employee can't access anything. It would just look like random noise. You don't have to know coding, you just have to trust that someone in the world will have the knowledge to inspect the code and report any suspicious code. Just regularly back up the passwords to a local file so you still have them in case they shut down.

Trying to remember passwords made me constantly stressed trying to remember them. A password made life much easier. Better than a single point of failure like your brain. One password is much easier to remember, and that one password can be as complex as you want, because that's the only one you'd have to worry about.

Sincerely,

Someone who's depressed af and constantly forgets passwords

[–] [email protected] 0 points 1 year ago (1 children)

Encryption can be decrypted. A password manager encrypting your passwords is like saying your car has working brakes. It's totally unsafe to even consider operating without but it doesn't say much when it is there.

It's not a matter of "why should I trust them" but "why should I trust them more than the system that already exists". I get the appeal, but the hole is big.

If I forget a password I reset it. If I forget my manager's password can it be reset? Is the reset option, if extant, susceptible to attack?

If an account gets compromised it could have moderate repercussions, but probably minimal depending on the account, with maybe a couple exceptions. If managed passwords get compromised that's potentially everything. There has not, and likely never will be, an impenetrable system, so it is a possibility if not a concern.

[–] [email protected] 2 points 1 year ago

Tacking onto this, because I mix password types too, I don’t want all my passwords in the same (even pseudorandom) style.