this post was submitted on 05 Jun 2024
241 points (95.5% liked)

Greentext

4375 readers
1401 users here now

This is a place to share greentexts and witness the confounding life of Anon. If you're new to the Greentext community, think of it as a sort of zoo with Anon as the main attraction.

Be warned:

If you find yourself getting angry (or god forbid, agreeing) with something Anon has said, you might be doing it wrong.

founded 1 year ago
MODERATORS
 

Not a true greentext but I hope I have captured the spirit of it. (First time I wrote smth like this, don't be harsh on me. >w<)

all 43 comments
sorted by: hot top controversial new old
[–] [email protected] 70 points 5 months ago (1 children)

Use a password manager. Won't forget passwords anymore.

[–] [email protected] 52 points 5 months ago (5 children)

proceeds to generate password for each service and forget the master password

[–] [email protected] 32 points 5 months ago* (last edited 5 months ago) (2 children)

just use a password-manager-password password manager for the password manager password

[–] [email protected] 4 points 5 months ago

Or use a hardware key to unlock it. And then loose that hardware key. Does keepassxc support fingerprints yet?

[–] [email protected] 17 points 5 months ago (2 children)

Write it down somewhere. Just do it by hand.

[–] [email protected] 17 points 5 months ago (1 children)

Yes, and the master should be a paraphrase not a password.

[–] [email protected] 8 points 5 months ago (1 children)

That's just recommended to emphasize length. If your password is as long as a passphrase it's likely more secure (harder to remember though).

[–] [email protected] 7 points 5 months ago (1 children)

But if the point is to remember it, then you should use the security from length of series of 5+ random words. It’s easier to remember, write down, and type. All great characteristics of a master passphrase.

[–] [email protected] 8 points 5 months ago (1 children)

I don't disagree, sorry if it sounded like I did.

There's just a theoretical weakness since the base word lists are usually public knowledge and bruteforcers could (and probably already have) optimize for that.

The advantages of a passphrase outweigh though as you mentioned. An attacker would first need your repo anyway.

[–] [email protected] 6 points 5 months ago (1 children)

I'm adding obscure memes and anime references to my passphrases. Good luck bruteforcing that

[–] [email protected] 1 points 5 months ago

Separating some of the words with random symbols also isn't too hard to remember and no chance that can be bruteforced.

[–] [email protected] 4 points 5 months ago

Also, you don't need to write it down correctly, if you remember what's the missing or different or fake bit. And you can write down a few decoy ones next to it. Or have it in two different places. Lots of room for obfuscation along with some good old fashioned physical security on where you store the note. And the backup note off-site, if you're that kind of person.

Hell, just make some extra decoy ones just for fun and practice.

[–] [email protected] 9 points 5 months ago (1 children)

just make the password a little story you can remember, e,g. "Carl+Lenny:go2a bar&spend$$$"

[–] [email protected] 7 points 5 months ago

Hell naw, my last password was: Xé7&//sgn385d$@+îñccv72RtY¾ff°¥∆§

[–] [email protected] 4 points 5 months ago

My strategy for this is to have a second password manager available on a couple old devices, accessed with biometrics (fingerprint in this case), and only the master password saved within it.

I considered saving it within the main manager itself, since I have devices where I can use biometrics rather than password, but that feels like a bad idea.

Has definitely been a life saver

[–] [email protected] 3 points 5 months ago

Print out your recovery kit or master password and put it with your other documents (like birth certificate).

[–] [email protected] 56 points 5 months ago (2 children)

why is life like this?

Because someone else getting access to your email account nowadays is worse than losing your wallet, phone and keyring, combined.

[–] [email protected] 26 points 5 months ago* (last edited 5 months ago) (2 children)

why is life like this?

Because the whole thing started with anon forgeting their password, the solution for which should be complicated and secure, which it is.

[–] [email protected] 8 points 5 months ago

I locked myself out of my main email account once.
I had set it up in the year 2000, when people didn't have mobile phones, so they sent a letter to your home address before they activated it.
In the meantime, I had moved 11 times, updated my personal info on the site a few times, but never added a phone number or recovery mail address.

So when I called the hotline and they asked me for my address to confirm I'm me, that was a hard one to answer. But I actually got it right in the second try, which was good enough.

[–] [email protected] 1 points 5 months ago (1 children)

The new issue is that I don't remember the password for DICK. I know the password to like, my password manager, on a good day.

There are like 500 other passwords I have to sift through to sign into anything

[–] [email protected] 1 points 5 months ago

Isn't that what a password-manager should solve?

[–] [email protected] 3 points 5 months ago

Yet having your phone stolen, which is usually worse than that, is super easy, and if you're being mugged, the criminal will also force you to remove the pin/lock because that takes less than a minute.

[–] [email protected] 19 points 5 months ago (2 children)

Websites need desperately to display their password creation rules on login pages. If I knew this particular site had (for some dumbass reason) a maximum password length less than the length of the password I'd otherwise use on that site or (also completely unreasonably) restricts special characters, I can more easily figure out what password I used when I signed up with fewer wrong guesses, all without sacrificing any security. (It's not like the rules aren't public info that anyone can get. Just don't make me go halfway through the signup process to get that information if I'm just trying to log in.)

[–] [email protected] 9 points 5 months ago

Use a password manager, no need to remember shit then (besides your master password). For example if you want a local solution KeePass and sync the file (I use Dropbox, it's encrypted anyway). You can also access it on Android with the sync.

[–] [email protected] 5 points 5 months ago (1 children)

Oh yeah, that would be a huge QoL thing.

[–] [email protected] -1 points 5 months ago (1 children)

It would also let hackers know what combinations not to try.

I have a better proposal: If your login page has any restriction on passwords (other than being part of Unicode and a max length of 128 characters) then your site should be shut down.

[–] [email protected] 14 points 5 months ago

It would also let hackers know what combinations not to try.

You mean the exact thing they could learn by clicking on "sign up"?

[–] [email protected] 14 points 5 months ago (1 children)

Life is like this because its easier on the developers than having to deal with the deluge angry customers losing all their shit to scammers because they use the same 5 character password for every site on the internet.

[–] [email protected] 17 points 5 months ago* (last edited 5 months ago)

Life is like that because some people are constantly trying to steal shit

[–] [email protected] 11 points 5 months ago

Based and true

[–] [email protected] 8 points 5 months ago

If you'd pirated the game you would have spent all that time playing it instead.

[–] [email protected] 7 points 5 months ago (1 children)

Write down your passwords on a piece of paper. That's literally more secure than keeping your stuff on your computer. It still won't stop the services from wanting to be double sure you're you because your browser's cookies got cleaned

Also, reset your steam password from a browser, never from the program itself. Fucking captcha never works properly on the fucking program.

[–] [email protected] 5 points 5 months ago

I would argue that as long as you're careful not to get any malware keepassXC is a lot more secure and comfortable to use than tying out the passwords one by one again. Or in general your own vault warden server

[–] [email protected] 2 points 5 months ago
[–] [email protected] 1 points 5 months ago (2 children)
[–] [email protected] 8 points 5 months ago

Nah this is actually how using steam + Gmail is.

[–] [email protected] 3 points 5 months ago

Nope, I shared my experience on discord in greentext format because I found the whole process funny (not hating on security) and then thought that it would be a good idea to post it on lemmy too.