this post was submitted on 24 Jun 2024
441 points (98.0% liked)

Asklemmy

[–] [email protected] 4 points 4 months ago (1 children)

For someone to work it out, they would have to be targeting you specifically. I would imagine that is not as common as, e.g., using a database of leaked passwords to automatically try as many username-password combinations as possible. I don't think it's a great pattern either, but it's probably better than what most people would do to get easy-to-remember passwords. If you string it with other patterns that are easy for you to memorize, you could get a password that is decently safe in total.

Don’t complicate it. Use a password manager. I know none of my passwords and that’s how it should be.

A password manager isn't really any less complicated. You've just out-sourced the complexity to someone else. How have you actually vetted your password manager and what's your backup plan for when they fuck up?

[–] [email protected] 2 points 4 months ago (1 children)

When Dashlane reports a breach, I change my passwords.

[–] [email protected] 1 points 4 months ago (1 children)

So no vetting at all presumably since you didn't mention it? So how do you know that Dashlane is safer than a password scheme that might be guessed by someone after they've already compromised a couple of your passwords?

[–] [email protected] 1 points 4 months ago

Dashlane is pretty big and I’ve not seen any negative reports from security researchers. They offer bug bounties for people that do find vulnerabilities etc.

I believe the consensus is that password managers are better than any human password scheme. I could host my own manager but then there are more vectors for an attack, and why reinvent the wheel?