cross-posted from: https://infosec.pub/post/42164102
Researchers demo weaknesses affecting some of the most popular options
Academics say they found a series of flaws affecting three popular password managers, all of which claim to protect user credentials in the event that their servers are compromised.…
In other news. Water is wet
Am I the only person here that never used one just because of this? They all sounded too sus to me.
Keeping them in your head? So, your passwords must be shit, lmao.
Zero threat prioritisation.
correct horse battery staple
So checkmustanglithium]
for the average person’s home pc, writing them down on a sticky note or notebook is sufficient
if someone unauthorized is physically in your house then you have bigger problems than them knowing your facebook password
And those handwritten notes are secure random passwords and never repeat?
Just too much work for the average person and too inconvenient to type.
See explanation below.
Shit passwords confirmed
What did you do instead?
I have a few that I just have off the wall for a few things and I memorize those. Some I just use ssh keys. Others go off a pattern and I put hints in a file to figure it out. The account itself is not even put in this file, so I have to just know what the hints mean for both the account and what password pattern hints go with them. Usually, the user IDs are something I store in this file, because those get too tough for the aforementioned methods of determinism.
I have been using Pass for a few years. It has a wonderful package for Emacs, and great iOS apps with Face ID for ease of use, and the DB can sync to your own private git server behind Tailscale. If you have a server, I definitely suggest looking into it. You can check it out at https://www.passwordstore.org/




