this post was submitted on 27 Oct 2023
1294 points (98.0% liked)
Memes
45887 readers
1117 users here now
Rules:
- Be civil and nice.
- Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
i use this on all sites:
3 lower case 3 uppercase 3 special chars and 3 numbers, (pseudo) randomly arranged, (pseudo) randomly generated.
How do you keep track of your passwords, if you don't mind me asking? That's where I get stuck
I'm sure I'll get shredded for this, but I keep my passwords in a notebook. Every once in a while I go through and change them all into other random nonsense and reorganize to keep it neat. I am a bit of a notebook fanatic and a have a whole shelf full of them. If someone ever broke into my house there's no way they're going through all of them to find anything like that. If the house burned down, maybe a bit of a problem, but as long as I have my phone I can get my email back, and between my phone and email I can get any of the important ones back as well.
If I had corporate or government secrets and was the target of espionage I'd probably rethink, but the danger of anything is so minuscule.
To be fair: A notebook with a bunch of strong passwords is probably more secure than a human brain memorising a bunch of weak passwords.
If you’re alright with an online password manager Bitwarden is the best one there is. If you prefer having an offline password manager KeePassXC is a great option as well :)
Bitwarden is also a offline password manager.
A password manager. I personally use 1Password, I've seen a lot of recommendations for BitWarden, and my workplace uses KeePass.
Derive the pseudorandom parts somehow from the url domain and you'll always be able to figure it out.
Yeah, if you use your own password cipher, you never have to memorize a password again. Just derive it based on some common input value, like the company name or url. Makes password rotation tricky, though, and it's a pain when a website won't allow a special character you generally use, creating "one offs" that are hard to track.
I did this for years. Yep, it works enoughish, but I'm so much happier on a password manager now, and it's pretty fun to see the managed passwords having so much more entropy than even the most obscure things I was algorithmically generating. Also, the speed of using a manager is great. Somehow I ended up with multiple Ticketmaster accounts (from using a different email address for some one-off season tickets that migrated into TM later). I think the moment I realized I wanted to change to a manager was when I was walking up to a concert and realized I hadn't downloaded my ticket. I got into TM and realized I needed to switch accounts. So then I'm trying to walk and type my big fucky nerd-assed brain-generated password on mobile, fat-fingering the touchscreen keyboard, almost locking myself out of the account when I just want to get into the venue and relax. Later, that first moment trying an integrated pass manager and effortlessly switching between accounts, each with far stronger passes than I would have remembered, limited only by the loading speed of the site and with virtually zero chance of locking myself out... that really made me feel like fancy Pooh meme.
I’ve done this and it has been convenient, but using a password manager is still the way to go IMO. The personal password algorithm approach starts to be a pain when you need to follow a different set of character rules or change a password. With a password manager there’s no hesitation or friction when considering a password change.