this post was submitted on 27 Oct 2023
1301 points (98.0% liked)

[–] [email protected] 12 points 1 year ago* (last edited 1 year ago) (1 children)

I've actually come up with a way to have a complex and unique password for each service which is also resilient against forced password changes, doesn't require a password manager, and if I'm being tortured I still won't be able to tell them what it is because I don't know it unless I'm at the login screen. If the service changes the layout of their login screen though, I'm fucked.

[–] [email protected] 8 points 1 year ago (1 children)
[–] [email protected] 9 points 1 year ago (1 children)

It must be some sort of compression algorithm of the information presented at the log-in screen.

[–] [email protected] 16 points 1 year ago (1 children)

If they change/rebrand the login he's screwed. Just use a password manager, people.

[–] [email protected] 2 points 1 year ago (6 children)

I've been thinking of starting to use one more and more, is there any you would recommend? Are all the good ones a paid service? And my biggest concern is someone getting into the password manager itself, is that something that I should worry about?

[–] [email protected] 6 points 1 year ago* (last edited 1 year ago) (1 children)

I'll second the other comment suggesting KeePass, but the biggest issue I had with it was syncing the database across devices. Ultimately I stored it in OneDrive, but it occurred to me that at that point it wasn't much different to a cloud password manager, which I especially didn't trust.

I now self host a Vaultwarden instance from my Raspberry Pi, and that works perfectly for me, but it does require a bit of Linux experience and a spare device to run the server.

[–] [email protected] 2 points 1 year ago

I'm using KeePassXC and sync with Syncthing (which is P2P), and I'm quite happy with it. Seems like you got your setup figured out, but this is a bit simpler for someone looking into password managers.

KeePassXC also has a great browser integration c:

[–] [email protected] 4 points 1 year ago

I like Bitwarden. It's open source. The Firefox plugin and Android app work great. Also free.

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago)

I don't trust a service for my passwords so I'd rather trust open-source software.

Try KeePass, it runs both on a PC as well as a phone so just carry your encrypted passwords with you.

Edit: And passwords aren't enough, use multi-factor for services that offer it. Preferably via an app instead of SMS.

[–] [email protected] 3 points 1 year ago

Bitwarden has been working well for me, and it's open source and free to use. I started using it when it was clear that using LastPass was not a long-term solution.

[–] [email protected] 1 points 1 year ago

1Password is a solid service if you're OK with the proprietary aspect. I use it personally and we use it at work (I'm an infosec consultant).