• gedaliyah@lemmy.world
    13·
    6 days ago

    Finally can’t take it anymore

    Downloads a Password Manager

    Password Manager: “Please create a unique master password to begin”

    • rumba@lemmy.zipEnglish
      4·
      6 days ago

      That’s one password, and then use 2FA or a passkey or a yubinkey or anything to secure it so the security of the password isn’t a big deal

      Then go to every single thing you have a password for, and have the password manager set it to something random. I personally like pass phrases get it up in the teens of characters multiple words multiple numbers multiple special characters. 99.9% of the time you shouldn’t be typing any of this in. It should be injected for you. If per chance you should need to type one of them in typing in four or five words some numbers and some special characters is not really a horrible grievance.

      • CoffeeJunkie@lemmy.cafeEnglish
        14·
        6 days ago

        I understand, but I absolutely do not endorse. For the same reason as the XKCD comic correct horse battery staple is based on. It’s bullshit, it’s hard to remember (sometimes even hard to read or type in).

        I just generated one & I tried to post a screenshot, but my Lemmy app isn’t cooperating…KeePass gives lots of options, very nice. The password randomly generated was “3vrCNHTTxFuMyhah”. Like…what the hell is that?? What??

        Don’t get me wrong, I set up probably 30+ of those stupid things in my wayward youth. But if for some reason you have to type them in manually via Xbox controller, TV app, or otherwise…you’re going to be cussing yourself out like MAN this is SO STUPID, and it’s exponentially dumber because it’s something I did to myself. It’s not more secure. Make it easier, and also ironically more secure, doing it the right way.

        • snowsuit2654@lemmy.blahaj.zoneEnglish
          21·
          6 days ago

          Sure, I agree with you if it’s a password that I expect to have that use case (e.g. streaming service, home wifi network). Most of my passwords don’t though.

          As a side note, assuming that they’re equivalent length I would argue that a random password is more secure than a passphrase (of equal length) composed of dictionary words because it’s more resistant to dictionary-based password cracking. That said, the point is moot. As xkcd has shown us, length is the main thing that matters. There’s effectively no difference in practice. I always tell people “the longer the better” in either case and I recommend passphrases for secrets that have to be memorized or typed.

          That said, I think an acceptable medium would be to use a passphrase, like you’re suggesting, for a situation where entering it via a controller or remote is a legitimate use case. In fact, my password manager lets me pick and can generate passphrases or passwords. Not sure if that’s a feature in KeePass.

          For the rest of the time when I don’t need the use case, I’ll simply generate a long random password using my password manager. It’s a faster workflow integrated into the tool itself and theoretically more secure against some attacks.

  • IntriguedIceberg@lemmy.world
    8·
    7 days ago

    For everybody commenting on passwords manager, I’ve been using one for years now and I feel this so bad. My company has a password policy of changing the LAPTOP’s password every 8 weeks and you can’t reuse any of the last 10 passwords used. I hate it because I can’t use a password manager to unlock my laptop and I’m so used to password managers by now that it’s getting really hard to come up with new passwords that follow the stupid requirements and even worse remembering them. I’m veeeery close to just start noting them down in a notebook by my machine and then send a picture to our security guy to show him where he has gotten us all to

    • JcbAzPx@lemmy.worldEnglish
      5·
      6 days ago

      You should do that unironically. The current best practices advises against frequent password changes for exactly that reason.

    • Seefoo@lemmy.world
      1·
      5 days ago

      I save it my password manager and can pull it on other devices. Still annoying, but not the worst. Honestly the worst is passwords with a character limit, and even worse when it’s “small” like 16

    • doctordevice@lemmy.ca
      2·
      6 days ago

      I do agree that’s a particular case that can’t be solved by a password manager. But it’s all the more reason to use one elsewhere to reduce how many you need to remember.

      I have to remember only 3 secure passwords. My personal computer, my work account, and my password manager. Those are the only three I have to type in manually. And because they’re secure and unique, for stupid work password change requirements I just increment the last character.

    • Passerby6497@lemmy.worldEnglish
      1·
      6 days ago

      My company has a password policy of changing the LAPTOP’s password every 8 weeks and you can’t reuse any of the last 10 passwords used.

      There are more than 10 symbols, so just rotate through them. If your org doesn’t respect you enough to have reasonable password rotations, I wouldn’t bother spending much time coming up with new ones and just modify your current to pass the minimums.

      Some$$Word12
      Some&&Word11
      Some–Word10

      Etc

  • AceFuzzLord@lemmy.zip
    10·
    7 days ago

    Has to be 16 characters

    So long as I can use more than that, I won’t complain. I don’t remember the service, but I definitely remember one where they wouldn’t allow over a certain amount of characters and that was annoying because that was when I was still using repeat passwords back in highschool. My preferred password at the time was roughly 20 characters, but apparently that was too much because who cares about security, am I right?

    • Passerby6497@lemmy.worldEnglish
      2·
      6 days ago

      It’s even worse when they have a limit and don’t enforce it consistently. I had to submit a bug report to my bank because I made a 24 character password at account creation but the login page only allowed 16 characters.

    • Higgs boson@dubvee.orgEnglish
      2·
      7 days ago

      It used to be a thing more often, but for a long time even when youre logging in via a website, there were (and probably still are) legacy backend systems that have limits on the password length.

  • MrShankles@reddthat.com
    5·
    6 days ago

    Quick question friends:

    If I’m already using bitwarden and decide to switch to self-hosting it; can I import my usernames and such?

    I would most likely change all the passwords, but being able to migrate the websites (with corresponding username) would be kinda nice

  • Lovable Sidekick@lemmy.worldEnglish
    5·
    6 days ago

    !!! PASSWORD TOO WEAK !!! - your password must contains upper and lowercase characters, digits and symbols except not a hyphen for some fucking reason, and no characters you’ve ever used in past passwords and no digits that are in your postal code, data of birth, or shoe size. Zalgo text is acceptable.

  • SkunkWorkz@lemmy.world
    4·
    7 days ago

    If you don’t want to use a password manager it’s not that hard to create long passwords. Just create a nonsense sentence with a misspelling with a character between each word and add some obscure personal info that isn’t directly linked to you, like a phone number of an old childhood friend or pizza place you used to call often when you were young so it’s easy to remember but not info another person can find about you. Then add a special character.

    Like:

    Wideo1Pasta1Is1The1Grawy1555-22334!!!

    • prole@lemmy.blahaj.zone
      1·
      6 days ago

      I like pass phrases… if you can’t think of anything, grab a random book, open to a random page, and find a memorable phrase that catches your eye. Change some letters to numbers and/or add symbols if you think you need to.

  • 5too@lemmy.worldEnglish
    41·
    7 days ago

    And in six weeks… It’s time to change your password! No repeats.

  • chiliedogg@lemmy.world
    2·
    6 days ago

    Just add one to the number each time.

    I’m on “[passwordiveusedforyears]22!” at work.

    For otherwebsites I’m on things like “[passwordIveusedforyears][websitename]!”

    Proper 2FA is secure enough for most people to keep using the same password so long as it hasn’t been compromised. And a few things, like work passwords, email passwords, and bank passwords should be unique to thaspecific account.

    Really, the biggest security hole is requiring logins for fucking everything. That’s why there’s a million password leaks. Why does a news website need me to sign in? Why do I need an account and password to order a pizza that I’m gonna pay for in-person?

    • MrShankles@reddthat.com
      1·
      6 days ago

      I do like using a good passphrase that includes the website name

      Eventually, I’d like to switch to all generated through bitwarden or keypass, but I’d prefer to self-host when going that route

  • ExLisper@lemmy.curiana.net
    64·
    7 days ago

    Here’s what you do: Generate long random string, for example: P5edM5Ce0SGE0rOr9k&#T*wG@d$ogqyBTk2@%dmO@2akbm!b5p!bH8w7Ei7gPSIR1Er&hab3ae@0odk3h76Ka48kYtXrsburM$7rf^vPRwXz1s5guO&$PZz3@w

    Memorize it.

    For each site just choose a number and select 16 characters starting at this number.

    Remember which page uses what number. E.g. google = 32 -> &#T*wG@d$og^qyBTk2

    Done. You don’t have to remember any more passwords for the rest of your life.

  • Passerby6497@lemmy.worldEnglish
    1·
    6 days ago

    I can remember like 5 passwords. My computer password, my work computer password, my trash everything password and my password vault password. I know that’s only 4, but I still remember my last vault password, so that one counts twice

    Everything else is some random shit that I bitch about entering manually when pasting doesn’t work.

  • Psythik@lemmy.world
    1·
    6 days ago

    That’s why I let Firefox make the passwords for me. It’s nice because they sync with my phone, so I don’t have to run to my PC to look up a password.