this post was submitted on 14 Aug 2024
15 points (100.0% liked)

It is truly upsetting to see how few people use password managers. I have witnessed people who always use the same password (and even tell me what it is), people who try to log in to accounts but constantly can't remember which credentials they used, people who store all of their passwords in a text file on their desktop, people who use a password manager but store the master password on Discord, entire tech sectors in companies locked to LastPass, and so much more. One person even told me they were upset that websites wouldn't tell you password requirements after you create your account, and so they screenshot the requirements every time so they could remember which characters to add to their reused password.

Use a password manager. Whatever solution you think you can come up with is most likely not secure. Computers store a lot of temporary files in places you might not even know how to check, so don't just stick it in a text file. Use a properly made password manager, such as Bitwarden or KeePassXC. They're not going to steal your passwords. Store your master password in a safe place or use a passphrase that you can remember. Even using your browser's password storage is better than nothing. Don't reuse passwords, use long randomly generated ones.

It's free, it's convenient, it takes a few minutes to set up, and it's a massive boost in security. No needing to remember passwords. No needing to come up with new passwords. No manually typing passwords. I know I'm preaching to the choir, but if even one of you decides to use a password manager after this then it's an easy win.

Please, don't wait. If you aren't using a password manager right now, take a few minutes. You'll thank yourself later.

[–] Ovata@lemm.ee 1 points 3 months ago

Been using Bitwarden for a couple years now…

No regrets

[–] Procapra@hexbear.net 1 points 3 months ago* (last edited 3 months ago) (1 children)

Personally, I use PassWord123! for everything. It says it's a strong and secure password so why wouldn't I use it for everything?

[–] Echo5@lemmy.world 1 points 3 months ago

I actually combine a password manager with a password book, don’t like storing data for sensitive accounts on servers that can be breached and I’m too lazy to self host 😬 and I can remember my password phrases for sensitive accounts I use normally.

[–] lemmyknow@lemmy.today 0 points 3 months ago (1 children)

Say, what are the chances either

  1. someone comes to depend on the password manager to get into their accounts, gets locked out of the password manager, and loses access to all their accounts (e.g. using the password manager to create and store passwords they might never have even seen);

or

  2. their password manager (or account) gets hacked, somehow, and all their accounts get taken at once

[–] kevincox@lemmy.ml 1 points 3 months ago (1 children)

These are real issues; however, they are pretty easy to mitigate, and I would say that the upsides of a password manager far outweigh the downsides.

  1. Make sure that you are regularly typing your master password for the first bit. After that you'll never forget it. You can also help them out by saving a copy of their master password for them at least until they are sure they have memorized it. There are also password managers where you can recover your account as long as you have the keys cached on at least one device.

  2. This is far, far outweighed by the risk of password reuse. This is because when a single one of the sites you use gets hacked then people will take that credential list and try it on every other site. So with a password manager there is just one target; without it, it is one of hundreds of sites where you reused your password. Many password managers also have end-to-end encryption so without your password the sync service can't be hacked (as it doesn't have access to your passwords).

[–] feoh@lemmy.ml 0 points 3 months ago (2 children)

I blame the tinfoil hat infosec crowd for not understanding that the world they inhabit is not the same one Regular Users live in.

Is there risk in keeping all your passwords in one place, whether it's on your hardware or someone else's? Hell yes! Is that risk, statistically speaking, ANYTHING LIKE the risk you take when you use 'pencil' for all your passwords because you can't be arsed to memorize anything more complex? OH HELL YES.

Sure, if you're defending against nation state level aggressors, maybe using a password manager isn't the wisest choice, but for easily 99% of computer users, we're at the level of "keeping people from drooling on their shoes". So password managers are probably a GREAT idea.

[–] ReversalHatchery@beehaw.org 1 points 3 months ago

So password managers are probably a GREAT idea.

That is, when they can manage to use it.

[–] Appoxo@lemmy.dbzer0.com 0 points 3 months ago (1 children)

I feel like password managers are more targeted to companies where sharing and controlling login data shouldn't be logged on some table in an Excel sheet.
It just so happens that a manager is also god damn convenient for the private individual.

[–] feoh@lemmy.ml 1 points 3 months ago

I don't think that's always the case. 1Password started out as a personal password manager and only added the corporate/teams/families features later.

[–] idefix@sh.itjust.works 0 points 3 months ago (1 children)

I migrated to Bitwarden from Firefox a few months ago and I regret it as it's slower and inconvenient while not adding any major features. So yes, use a password manager and the one provided by Firefox is perfect for almost everyone.

[–] Appoxo@lemmy.dbzer0.com 1 points 3 months ago

How is it more inconvenient and slower?
The only reason should be that it needs to decrypt the vault upon login which (depending on the iterators of the encryption and the processing speed of the system) can take a second more. Until then it's equal to a native integration.
Upside: You are not locked to a browser anymore as (at least Bitwarden) is agnostic.
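
The unlock delay mentioned in the comment above comes from the key-derivation step that stretches the master password into the vault key. An added example, not from the thread and not Bitwarden's or KeePassXC's code: PBKDF2-HMAC-SHA256 from Python's standard library stands in for whatever KDF a given manager uses, and the salt, password, iteration counts and entropy figures are constructed. The same per-derivation cost is what each guess against a stolen vault would pay.

```python
import hashlib
import hmac
import time

# Constructed sample values; not taken from any real vault or product.
SALT = b"alice@example.com"
MASTER = "correct horse battery staple"
CHECK_LABEL = b"vault-key-check"


def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch the master password into a 256-bit vault key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)


def key_check(password: str, salt: bytes, iterations: int) -> bytes:
    """Value stored beside the vault so a wrong password is detected."""
    key = derive_key(password, salt, iterations)
    return hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()


def unlock(password: str, salt: bytes, iterations: int, stored: bytes) -> bool:
    """Re-derive the key and compare in constant time."""
    return hmac.compare_digest(key_check(password, salt, iterations), stored)


def seconds_per_unlock(iterations: int, repeats: int = 3) -> float:
    """Average wall-clock cost of one derivation on this machine."""
    start = time.perf_counter()
    for _ in range(repeats):
        derive_key(MASTER, SALT, iterations)
    return (time.perf_counter() - start) / repeats


def years_to_search(entropy_bits: int, seconds_per_guess: float) -> float:
    """Expected single-core time to cover half of a 2**bits guess space."""
    return 2 ** (entropy_bits - 1) * seconds_per_guess / (365.25 * 24 * 3600)


if __name__ == "__main__":
    for iterations in (1_000, 100_000, 600_000):
        cost = seconds_per_unlock(iterations)
        stored = key_check(MASTER, SALT, iterations)
        assert unlock(MASTER, SALT, iterations, stored)
        print(f"{iterations:>7} iterations: {cost * 1000:8.1f} ms per unlock, "
              f"{years_to_search(40, cost):10.1f} y (40-bit secret), "
              f"{years_to_search(77, cost):.2e} y (77-bit secret)")
```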

[–] mechap@lemmy.ml 0 points 3 months ago (2 children)

Whatever solution you think you can come up with is most likely not secure.

Having my passwords written down on a piece of paper is not safe?

[–] ReversalHatchery@beehaw.org 0 points 3 months ago (1 children)

Maybe it's secure but not safe. You won't know if you have mistaken a character until it's too late, or when you have written it ambiguously but you still remember it and don't notice.

[–] KeenFlame@feddit.nu 0 points 3 months ago (1 children)

Sorry for the bother, but I get a little annoyed when people try to argue semantic difference in synonyms. What do you think is the difference between secure and safe?

[–] ReversalHatchery@beehaw.org 0 points 3 months ago

Security and safety are not synonymous, they have a different meaning.

Security is that your password is stored in a way that it cannot be accessed by those you don't want. Safety means that you won't lose access to it and that it remains usable.

The distinction may be clearer with another example.
A factory is secure if only the employees can enter, and it is safe if it does not want to fall apart and the machines in it don't kill the employees.
Maybe it can be generalized so that security is for the access, safety is for the mistakes and the disasters.

[–] EuroNutellaMan@lemmy.world 0 points 3 months ago* (last edited 3 months ago) (1 children)

No. Anyone near you or with access to your place can see it. And most people know of the tricks.

Also you can't encrypt it and most of all you can't really generate as strong passwords as those generated by password managers, meaning I don't even need the paper to try and crack your password

[–] eunieisthebus@feddit.org 1 points 3 months ago

you can't encrypt it

My friend, you will be surprised that encryption is something that not only the magical internet machine can do.

[–] Pyr_Pressure@lemmy.ca 0 points 3 months ago (12 children)

I don't even understand why I need to make a password for some sites anymore. They send a code to my phone every time to make sure it's me, so it seems like there's practically no point.

[–] zeh_ahoi@lemmy.ml 0 points 3 months ago (2 children)

I don't understand this post. Like, every browser has a password manager, why install some 3rd party you can even trust less?! Am I missing something? Doesn't Safari have a password manager? Is KeePassXC really safe (CVE-2023-32784)? Or Bitwarden (https://blog.redteam-pentesting.de/2024/bitwarden-heist/)?

[–] Cube6392@beehaw.org 0 points 3 months ago (3 children)

In-built password managers for browsers are straightforward to crack. Like… Terrifyingly easy. It's much better to use something like Bitwarden, Vaultwarden if you don't trust Bitwarden, 1Password if you really want the reassurance of paying someone for trust, or KeePass if you don't trust anyone at all (I, personally, fit into this category).

[–] Dyskolos@lemmy.zip 0 points 3 months ago* (last edited 3 months ago)

With KeePassXC YOU have the password-file. Period. You know what's been done with it: Nothing, as it doesn't phone home except update-checks. Which you can also disable.

With the browser-addon you'll get the same result but with control.

[–] chottomatte@lemdro.id 0 points 3 months ago (1 children)

Using Proton Pass was a game changer for me. I don't have to ignore the necessity to put a strong and complicated password for security reasons anymore; Proton generates it for me and stores everything (so I don't need to remember which password I set for which account). But the bad aspects of cloud services worry me a little about this: the possibility of a security breach of the service, or the possibility of not being able to access it for any reason is a real disaster if it happens... so I'm thinking of exporting my passwords to another safe place for such cases.

[–] Charger8232@lemmy.ml 0 points 3 months ago (1 children)

But the bad aspects of cloud services worry me a little about this

KeePassXC is entirely local.

[–] land@lemmy.ml 0 points 3 months ago* (last edited 3 months ago) (3 children)

You are right. However, most of the mainstream YouTubers promote rubbish password managers, which is why most people I know don't know about Bitwarden. I usually recommend Bitwarden or Proton Pass. (I'm self-hosting Vaultwarden.) More privacy-focused YouTubers need to promote Bitwarden, KeePassXC, etc. (I'm waiting for a Proton Pass self-hosting option.)
