643
submitted 1 week ago by [email protected] to c/[email protected]
you are viewing a single comment's thread
view the rest of the comments
[-] [email protected] 109 points 1 week ago* (last edited 1 week ago)

Who TF isn’t using a password manager in 2025? Like how would you even function?

EDIT: Y’all need to stop replying with your password generation strategies. JFC it’s like you’re asking someone to pwn your shit.

[-] [email protected] 27 points 1 week ago

My employer, a fortune 500, blocks password managers and all other add-ons.

[-] [email protected] 11 points 1 week ago

When will he be hacked.... Let's place bets everyone!

[-] [email protected] 5 points 1 week ago
  1. On a thursday. It may or may not be raining. I want to say.... May? And the day is a prime number.
[-] [email protected] 3 points 1 week ago

Can I register your bet for 27 dollars or euros?

[-] [email protected] 3 points 1 week ago

Sure, I'll bet in Dollars and take the number equivalent payout in Euros

[-] [email protected] 7 points 1 week ago* (last edited 1 week ago)

My employer, a 12 people big company, nowhere near any fortune list, mandates the use of 1password for all company related accounts.

[-] [email protected] 8 points 1 week ago

Ah but you see there's the problem, you don't have a committee to launch a working group that puts together investigative teams to research and write reports on the benefit of the solution, the ROI of the solution, the training costs of the solution, stakeholder buy in of the solution, and potential alternatives to the solution. You need at least a 10 month process before one jackass says they don't want the solution so the committee can recommend to management that the solution be abandoned.

[-] [email protected] 2 points 6 days ago

God damn, you sure you're not a politician?

[-] [email protected] 2 points 5 days ago

Insinuating that I may be a politician is the most insulting thing someone has said to me in a while, well done. And no I'm not, I'm just a guy who spent over a decade self-employed then went into the corporate world and tried to bring my innovate quickly mindset with me and very quickly found out that even a simple change requires that only affects my department required 5 different people from outside our department to sign off on the change and each one of them assigned 1 or more people to research and report on the change. Losg story short, after a while I found out what was going on and why nothing ever got adopted and I being a snarky asshole learned there corporate buzzwords and started stringing them into the proposals.

[-] [email protected] 2 points 5 days ago

Wasn't intended as an insult, just a joke at your sarcasm reminding me of how politicians talk

[-] [email protected] 3 points 5 days ago

I was also joking, I assumed you were joking.

[-] [email protected] 14 points 1 week ago

Federal and State jobs you can’t use password managers.

[-] [email protected] 25 points 1 week ago

My federal job came with one pre-installed.

[-] [email protected] 4 points 1 week ago

Depends on your clearance level/what you have access to.

[-] [email protected] 1 points 1 week ago

Not gonna get specific, but, I have access to a shitload of sensitive personal data. It's more likely you ran into an agency policy rather than a federal policy.

[-] [email protected] 3 points 1 week ago

No it is literally determined by clearance level. It is mandated.

[-] [email protected] 1 points 1 week ago

Yeah. My agency doesn't use clearance level to determine security requirements. It's likely your password manager policy is agency-specific.

[-] [email protected] 2 points 1 week ago

are you trolling or do you not realize this is massive liability?

[-] [email protected] 1 points 1 week ago

I think they believe getting their fingerprints and having a background check means they have a security clearance or something.

[-] [email protected] 1 points 1 week ago

Health records for veterans don't require a security clearance to be managed. (Personnel records for active military only require a Secret level clearance) You'll wanna take it up with whoever manages security for the VA about the 'massive liability' involved.

https://www.va.gov/securityinvestigationscenter/frequently_asked_questions.asp#q006

[-] [email protected] 1 points 1 week ago* (last edited 1 week ago)

Lol so you do not have a security clearance.

Got it.

FYI if you had a security clearance, posting that you have one in your personal Lemmy account would absolutely be grounds for it to be revoked.

[-] [email protected] 1 points 6 days ago

Lol so you do not have a security clearance.

If you'd paid attention, you'd notice that I never said I had a security clearance. Hell, I even outright said "My agency doesn't use clearance level to determine security requirements".

The fact that you put so much effort into proving me wrong that you lost sight of what I was actually saying says more about you than it says about me.

[-] [email protected] 1 points 6 days ago

At this point I am certain you do not know what a security clearance is.

[-] [email protected] 1 points 1 week ago

This is how you get in my block list.

[-] [email protected] 20 points 1 week ago

Yeah idk about that. I've worked in state govt for a very long time and our cybersecurity controls essentially mandates we use one. I'm also in our security audit team and have to talk to state offices about our NIST controls regularly. And the NIST DOD controls are even more stringent than ours. Something sounds off.

[-] [email protected] 4 points 1 week ago

Okay so remember the one or two ones you need there (try a passphrase!)

For everything else - password manager.

[-] [email protected] 3 points 1 week ago

Federal I had about 15 passwords. The State job I had about half that.

[-] [email protected] 3 points 1 week ago

Yep.

I use pass phrases filtered through a mess of cyber chef.

[-] [email protected] 5 points 1 week ago

Those are hackable too through

I have passwords I don't care about, passwords I keep on the manager, and then important ones I enter manually every time

[-] [email protected] 7 points 1 week ago

Don't ever use lastpass and the likes, when good open source ones exist.

[-] [email protected] 4 points 1 week ago

Like Bitwarden.

[-] [email protected] 4 points 1 week ago

Because they seem to fall into two categories. Those that have been compromised

And those who haven't.... Yet

[-] [email protected] 4 points 1 week ago

I use modified “HorseBatteryStaple” style passwords. I have a couple base phrases that I always remember, with special characters and numbers inserted. I modify them bit by bit for different sites, and keep a list of the changes - only the changes. Anyone who looks at the list would see random words, numbers, or symbols without context; only I know how it all fits together.

For example, let’s pretend HorseBatteryStaple1! Is my default password. I may have “cell phone, machine 5” on the list. That would mean the password for my cell phone’s payment website modifies the default password by changing one of the words in HorseBatteryStaple to “machine” and the number 1 to 5.

I know password managers exist, but I like to try to remember my own passwords. Especially since I may need them across different devices, including my work laptop that I can’t download new programs onto.

[-] [email protected] 3 points 1 week ago* (last edited 3 days ago)

Caution, reusing parts of your passwords like that significantly reduces the effective entropy.

If someone finds HorseBatteryStaple1! in a plaintext leak, then they only need to guess one word and one number to get your phone password (assuming they know your format or use a matching heuristic).

[-] [email protected] 2 points 1 week ago

So using a combination of this comment and an existing leaked DB (trust me, your credentials have leaked somewhere at some point), all your accounts could be trivially cracked.

[-] [email protected] 2 points 1 week ago

I basically use a childhood limerick in leetspeak. Easy to remember, tough to Crack. Like for example, Peter Piper pickedna peck of pickled peppers becomes "P3t3rP1p3rP1ck3d4P3ck0fP1ckl3dP3pp3rz!" Of course I never used that particular one, but you get the idea.

[-] [email protected] 3 points 1 week ago

So you have the same password for everything? Which would mean a single password leak would compromise all of your accounts?

[-] [email protected] 1 points 1 week ago

I function by only having 2 accounts I actually care about. Bank and e-mail. The rest get the same password over and over because I legitimately don't care about them and never give them real personal data.

this post was submitted on 18 Jul 2025
643 points (100.0% liked)

memes

16433 readers
2966 users here now

Community rules

1. Be civilNo trolling, bigotry or other insulting / annoying behaviour

2. No politicsThis is non-politics community. For political memes please go to [email protected]

3. No recent repostsCheck for reposts when posting a meme, you can only repost after 1 month

4. No botsNo bots without the express approval of the mods or the admins

5. No Spam/AdsNo advertisements or spam. This is an instance rule and the only way to live.

A collection of some classic Lemmy memes for your enjoyment

Sister communities

founded 2 years ago
MODERATORS