We've all been there.
this post was submitted on 14 Jul 2023
1176 points (92.1% liked)
Technology
69156 readers
2692 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Because it's much more fun to come up with passphrases like Correct Battery Horse Staple.
It's a lot easier to remember that than #@?Zk23!nPw
You are not supposed to have to remember anything but your master password. :)
I'd rather try and remember than have a single point of failure for all my accounts' security.
If the passwords are stored offline then I can't get at them if I'm away from where they're stored. If they're stored online they're not secure.
Encryption can be decrypted. A password manager encrypting your passwords is like saying your car has working brakes. It's totally unsafe to even consider operating without but it doesn't say much when it is there.
It's not a matter of "why should I trust them" but "why should I trust them more than the system that already exists". I get the appeal, but the hole is big.
If I forget a password I reset it. If I forget my manager's password can it be reset? Is the reset option, if extent, susceptible to attack?
If an account gets compromised it could have moderate repercussions, but probably minimal depending on the account, with maybe a couple exceptions. If managed passwords get compromised that's potentially everything. There has not, and likely never will be, an impenetrable system, so it is a possibility if not a concern.
By "emergency sheet" are you suggesting writing the access-to-everything password down somewhere? If so I'm hard pressed to think of many things less secure. If not I'm genuinely curious what it is.
I can't imagine a scenario in which I wouldn't have backups, but I appreciate the mention.
I also am generally not concerned with someone pickpocketing my house keys, but that's not to say it isn't a possibility. Awareness is the first step to mitigation.
Email has to be the most protected, I absolutely agree. But I definitely wouldn't be comfortable with the possibility of needing to reset everything else if I lost my master password. But I don't know that I'm more comfortable with the ability to reset. It really kinda feels lose-lose to me.
I don't think we'll move to passkeys any quicker or easier than we moved to 2FA. I'm glad we're getting better options but we're bound by the weakest links and they don't like change.
Thanks for the answers
Because I want control of my passwords in my head not some software, it's not like a string of random characters is any more secure than one that can actually be remembered
Yes because I have an easily remembered system for a unique passphrase for any given site. Not trying to shit on password managers though, just providing a different perspective