I hate passkeys, but I understand that without a password manager, they’re probably the best option. And for some god forsaken reason, like you said, most people just don’t use a password manager. I can’t even get my wife to use one, and I’ve shown her how easy it is.
You using a password manager does not solve that this org stores your password in plain text and will email it to whatever’s on file when ANYONE clicks the forgot password button.
That’s why I always use password hashes as my passwords. So when some hacker steals the database, with all the clear text passwords, and look at my account they think somehow this password is still hashed and don’t try using it directly.
My current lemmy-password is $argon2d$v=19$m=16,t=2,p=1$Mk9RTWNESzMyWVljUGo5RA$BiGKlhzFuiWA0N78KzEmCQ
To wrap it all together, password managers do have inherent flaws, but it’s better than all alternatives for passwords so far. The real argument is that passwords in general are a shitty authentication scheme.
(I do indeed use a password manager especially for online services, but for some things [like the PM itself] you can’t rely on it and need to remember a few, and a scheme helps for that. I also bet $10 you can’t guess one of my schemed passwords. To be fair, the way I do it it’d still be really hard to figure out the others even if you knew the system, which I will not reveal. I’d be impressed if you even guessed the system.)
I could upgrade it though, still. New system: book cypher.
Using a password management scheme of some kind does not optional. You cannot trust them with what’s effectively a master password.
A password manager does not solve this problem.
Oh it absolutely helps. Because if you’re using a password manager then every account you have should have a different password.
Most people who don’t use them just use the same password or a variation thereof for everything, making a leak much more devastating.
I hate passkeys, but I understand that without a password manager, they’re probably the best option. And for some god forsaken reason, like you said, most people just don’t use a password manager. I can’t even get my wife to use one, and I’ve shown her how easy it is.
My password manager also holds my passkeys, so I really don’t mind them.
You using a password manager does not solve that this org stores your password in plain text and will email it to whatever’s on file when ANYONE clicks the forgot password button.
That’s why I always use password hashes as my passwords. So when some hacker steals the database, with all the clear text passwords, and look at my account they think somehow this password is still hashed and don’t try using it directly. My current lemmy-password is $argon2d$v=19$m=16,t=2,p=1$Mk9RTWNESzMyWVljUGo5RA$BiGKlhzFuiWA0N78KzEmCQ
No, but it does severely limit the damage is what I’m saying.
Using a password manager is not optional. Schemes are to easy to figure out and/or brute force.
To wrap it all together, password managers do have inherent flaws, but it’s better than all alternatives for passwords so far. The real argument is that passwords in general are a shitty authentication scheme.
Figure out mine then, right now.
(I do indeed use a password manager especially for online services, but for some things [like the PM itself] you can’t rely on it and need to remember a few, and a scheme helps for that. I also bet $10 you can’t guess one of my schemed passwords. To be fair, the way I do it it’d still be really hard to figure out the others even if you knew the system, which I will not reveal. I’d be impressed if you even guessed the system.)
I could upgrade it though, still. New system: book cypher.