Password managers don't have to be perfect, they just have to be better than not having one

I seriously do not want to go back to the days of not having one...

I've got most of my multifactor and everything in Bitwarden now, and that's protected by two separate two-factor master keys. And now I don't even have to think about passwords. My wife is doing the exact same thing... stuff gets rotated whenever it asks now because it's two clicks and done. And my fireproof safe has the master export should things go low tech.
 
https://xkpasswd.net/s/

password_strength.png
 

I have used this cartoon in my "Be safe on the internet" presentations for quite a while now. My favorite part:

Difficulty to remember: You've already memorized it

Now if we could just get the CEOs of every bank and brokerage house to read it, then we might make some progress. It's absolutely crazy that the systems that protect OUR MONEY are the most backwards. My previous bank: 5 character minimum, 10 character maximum, no special characters, must change every 90 days. It's one of the reasons I left them.
 

While I've always liked this comic, it seems to me that little real-world security is added by super complex passwords (even the four random words), particularly when that long complex password is used for every single login. How many average Joes are ever a victim of an actual brute-force attack on their passwords? Phishing and plain stupidity allow criminals far more access than brute-force password hacking.

Perhaps everyone's security would be enhanced in a practical, rather than theoretical, way if everyone just used a different password (and username!) for every site.
 
For people working with SMBs, Passportal has a nifty little added package that provides a managed password manager on a per-domain basis (e.g. CustomerA, CustomerB, etc.) with no user limits. 5 domains for $50/month.
 
While I've always liked this comic, it seems to me that little real-world security is added by super complex passwords (even the four random words), particularly when that long complex password is used for every single login. How many average Joes are ever a victim of an actual brute-force attack on their passwords? Phishing and plain stupidity allow criminals far more access than brute-force password hacking.

Perhaps everyone's security would be enhanced in a practical, rather than theoretical, way if everyone just used a different password (and username!) for every site.

Agreed, BUT the xkpasswd approach is extremely useful for passwords that need to be used daily without a password manager and remembered, e.g. encryption or Windows login passwords or, ironically, your master password.
 