• Etterra@discuss.online
    ↑ 1 · 3 hours ago

    Keep a physical, paper password notebook, and write something boring, like “recipes” on the front of it.

  • AnimalsDream@slrpnk.net
    ↑ 4 · 6 hours ago

    Password security and password manager how-to should be an essential part of education. But then again if that happened, schools would probably teach how to use some proprietary cloud-based app with built-in data mining, because lobbying. It would only be a matter of time before everyone would find out the company was storing everyone’s passwords in plaintext after they all leaked.

    • WanderingThoughts@europe.pub
      ↑ 25 · 24 hours ago

      Then you can generate a password so big and complex, the site or app starts begging you to stop. At that moment, you can say “ur password system is weak.”

      • bdonvr@thelemmy.club
        ↑ 28 · 24 hours ago

        Careful with that. Sometimes a site will allow you to use some stupid long password when you sign up, but then it turns out that some other version of the site or an app for it on other platforms won’t accept a password that long!

          • devfuuu@lemmy.world
            ↑ 1 · 17 hours ago

            It just says “wrong password” and you’ll be guessing at which random character did it cut the password. Luckily sometimes it’s just a stupid HTML verification form that can be disabled in the console and be submitted anyway.

        • markz@suppo.fi
          ↑ 3 · 22 hours ago

          I mentioned Lemmy passwords in the other reply. Guess how I found out.

      • Lka1988@lemmy.dbzer0.com
        ↑ 2 · edited 3 hours ago

        KeePass and literally any of its derivatives. Not just DX.

        I use Keepass2Android, KeePassXC, KeePassium, and the OG KeePass.

        They are all solid.

      • fuck_u_spez_in_particular@lemmy.world
        ↑ 3 · 16 hours ago

        Arghh, why is every company thinking that AI will make them valuable…

        “Let AI retrieve, generate and manage all your credentials”

        Yeah a definite nope, for what reason do I use Bitwarden? So that exactly this doesn’t happen…

        Anyway Vaultwarden is what I’m using, much more performant and self-contained, compatible with Bitwarden (but you need to host it, obviously)…

    • AlfredoJohn@sh.itjust.works
      ↑ 5 · ↓ 4 · 22 hours ago

      Or just use the built-in password managers in Chrome or Firefox. No need to pay for a password manager when they are free on the browsers most people already use.

      • Lka1988@lemmy.dbzer0.com
        ↑ 2 · edited 3 hours ago

        Browser-based password managers are terrible. I use multiple browsers regularly (Firefox, Chrome, Edge, Safari) and got sick of trying to keep them in sync with my “master” KeePass database, so I ended up exporting everything from them and dumping the exports into KeePass. Deleted everything from the browsers. It was a huge weight off my shoulders.

        I changed the password autofill on both my work phone (iPhone) and personal phone (Pixel) to their respective KeePass variants. It’s much nicer.

      • markz@suppo.fi
        ↑ 7 · 21 hours ago

        > No need to pay

        I didn’t say anything about paying. It’s free in both meanings of the word.

        It’s also cross-platform and -browser and better than builtin ones.

        • AlfredoJohn@sh.itjust.works
          ↑ 2 · 12 hours ago

          Fair enough, but both the Chrome and Firefox password managers are cross-platform and can be exported and imported, supporting the ability to move away from them in the future should you choose. So for a first step from having insecure passwords to a password manager that gives strong passwords for someone who doesn’t even want to remember a strong password in the first place, they are good steps in the right direction. Don’t let perfect be the enemy of good.

      • Stillwater@sh.itjust.works
        ↑ 3 · 20 hours ago

        I wouldn’t recommend that. Bitwarden is free and works on any device, and doesn’t tie you to a browser. What if you want to switch browsers someday?

        • Lag@lemmy.world
          ↑ 6 · 17 hours ago

          Same as wanting to switch password managers some day. Firefox has been the most consistent thing in my life.

        • AlfredoJohn@sh.itjust.works
          ↑ 0 · 12 hours ago

          I mean the post is about people who don’t want to put in effort to remember a good password; the path of least resistance here is still a good one. It’s not like the built-in password managers are bad. With Firefox you can import from Chrome and I believe you can also export the passwords if you wanted to move away from Firefox anyways. It’s not like you are locked away for good.

          • Stillwater@sh.itjust.works
            ↑ 1 · edited 9 hours ago

            I started with a browser password manager, and when I needed to change browsers it was an extreme pain in the ass to move everything.

          • T0RB1T@sh.itjust.works
            ↑ 2 · 11 hours ago

            Bitwarden is great! However, KeePass(XC) can do autofill as well.

            The only complication is making sure your cloud copy is up to date, or your machines are all kept in sync without conflict with something like Syncthing. I actually really like the ways you can tweak KeePassXC.

    • Björn Tantau@swg-empire.de
      ↑ 4 · ↓ 5 · 1 day ago

      Yes, but that would involve choosing a password manager, setting up the password manager, learning how to use the password manager and remembering to use the password manager.

      • decipher_jeanne@lemmy.blahaj.zone
        ↑ 16 · 24 hours ago

        That’s easy, have your bi-yearly overfixation on privacy and suddenly you’ll be setting up a custom VPN instead of doing your laundry. Fuck I forgot my bedsheets again

        • OpenStars@piefed.social
          ↑ 1 · 8 hours ago

          It would seem so, yes.

          Evidence: xkcd is never wrong. :-P

          (Although I have always wondered about that aspect yes… perhaps an attack has to switch between trying random letters and random words, which may limit its effectiveness, and still keep the number of words high? What if we swapped out letters like c0rr3ct? - b/c obviously hackers have never heard of 1337 5p33ch before. Yeah I really have not looked this one up, hence default to the joke answer above. irl I use the FOSS KeePass and a large string of random crap… but that is nowhere near as funny to say as correct horse battery staple:-D

          Also, https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength does talk about this - but unless it is in the references, there is not too much depth there, e.g. a dictionary may have a certain number of words, but I doubt that they are all used equally - some werds oft encroaches upon my visage with verily greater frequency of occurrence by comparison to alterity, so while in the sense of spherical chickens sliding on a frictionless surface a dictionary attack “may not be viable”, in practice I highly suspect that a way could be found to find, if not one specific password, then at least somebody’s password within a large bank of them.)

  • PotatoesFall@discuss.tchncs.de
    ↑ 14 · 1 day ago

    I don’t know how but I went way too long without a password manager. Changed my life. I recommend Bitwarden. I also use it to store like, my bank account number or my tax number.

  • outhouseperilous@lemmy.dbzer0.com
    ↑ 14 · ↓ 3 · edited 21 hours ago

    Correcthorsebatterystaple (somebody link please)

    Edit: Most places won’t allow it due to character requirements and length limits, but it does work and is cryptographically sound.

    • Patches@ttrpg.network
      ↑ 4 · 22 hours ago

      Yep and then they require you to put special characters, numbers, and capital letters because… Reasons?

      I would be the one getting hacked, not them… Let me do what I want.

      • Ghoelian@lemmy.dbzer0.com
        ↑ 2 · 18 hours ago

        It’s just because of entropy. More entropy is more secure.

        Also sure, it’s you getting hacked, but it’s the service that got hacked that will have all kinds of news stories written about their weak password requirements.
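
Added example, not part of the thread: the entropy argument behind the "correct horse battery staple" comments above, together with the objection raised earlier that people do not use all dictionary words equally. The 2048-word list (the size the xkcd comic assumes), the 94-character alphabet, and the Zipf model of self-chosen words are assumptions made for illustration.

```python
import math

def uniform_bits(choices, length):
    """Entropy in bits of `length` symbols drawn uniformly and independently."""
    return length * math.log2(choices)

def zipf_probs(n_words, s=1.0):
    """ASSUMED model of human word choice: P(rank r) proportional to 1/r**s."""
    weights = [1.0 / r**s for r in range(1, n_words + 1)]
    total = sum(weights)
    return [w / total for w in weights]

def shannon_bits(probs):
    """Average surprise per word under the given distribution."""
    return -sum(p * math.log2(p) for p in probs if p > 0)

def min_entropy_bits(probs):
    """Worst case per word: how predictable the single most likely word is."""
    return -math.log2(max(probs))

def covered_fraction(probs, top_m, k):
    """Share of k-word phrases (words picked independently) that use only
    the top_m most likely words, i.e. that fall inside a top_m**k search."""
    return sum(sorted(probs, reverse=True)[:top_m]) ** k

def report(n_words=2048, k=4, top_m=256):
    human = zipf_probs(n_words)
    machine = [1.0 / n_words] * n_words
    return {
        "machine_words_bits": uniform_bits(n_words, k),    # generator-picked words
        "machine_chars_bits": uniform_bits(94, 12),         # 12 random printable chars
        "human_shannon_bits": k * shannon_bits(human),
        "human_min_bits": k * min_entropy_bits(human),
        "search_bits": uniform_bits(top_m, k),              # size of the top_m**k search
        "machine_covered": covered_fraction(machine, top_m, k),
        "human_covered": covered_fraction(human, top_m, k),
    }

if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name:>20}: {value:.4f}")
```

Under these assumptions, four generator-picked words carry 44 bits and a 2^32-guess search of the 256 most common words covers 1 in 4096 such phrases, while the same search covers about 31% of self-chosen phrases. The strength comes from the random selection, not from the word format.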

      • outhouseperilous@lemmy.dbzer0.com
        ↑ 2 · edited 21 hours ago

        Also, chbs without aA!%12345ing is way harder to inject code with.

        Not that anyone is allowed to code considerately and well anymore.