Please hold your password notebook in front of the laptop camera.
Comment on Password manager by Amazon
vk6flab@lemmy.radio 8 months ago
Here’s the thing … as crazy as a notebook with passwords sounds, it’s not accessible to someone across the internet.
AnUnusualRelic@lemmy.world 8 months ago
BlackPenguins@lemmy.world 8 months ago
Just maybe don’t plaster “THESE ARE MY SECRETS” on the cover. Security through obscurity.
Cocodapuf@lemmy.world 8 months ago
My mom had a nice little notebook for passwords. But when she passed, we couldn’t find it anywhere… We went through the whole apartment, everything.
Not having her passwords made a lot of things harder, closing her accounts, abusing her laptop, phone, etc. So while you shouldn’t advertise it, do tell a few people where to find it if they need to.
GraniteM@lemmy.world 8 months ago
INTERNET PASSWORD LOGBOOK is probably just a paper slip that you can remove, and then it’ll just be a blank leather journal.
Now a REALLY secure physical logbook would just have the cover of a boring, unremarkable-looking book on the outside.
A_norny_mousse@feddit.org 8 months ago
It depends on what the user fills it with.
Even the objectively safest solutions will be much shorter, and have less entropy, than what a pw-manager can deal with.
wreckedcarzz@lemmy.world 8 months ago
Their Ring camera that points directly at the desk they keep this notebook on: “it’s showtime”
vext01@lemmy.sdf.org 8 months ago
It’s actually quite a secure way to store passwords, since it requires physical access.
I knew a guy who had a drawer full of slips of paper with passwords written on. He called it the “security drawer”. Made me smile, but probably shouldn’t have been advertising it.
lars@lemmy.sdf.org 8 months ago
Oh I know him. What a weirdo. Fun guy tho. Did he move what’s his new address anyway?
6nk06@sh.itjust.works 8 months ago
Password managers check the URL before giving its data. A human being can be fooled into giving it to a fake web site.
MentalEdge@sopuli.xyz 8 months ago
Except they can be fooled too.
Bitwarden warns against using autofill on load for that very reason, as then simply loading a malicious page might cause it to provide passwords to such a site.
lmmarsano@lemmynsfw.com 8 months ago
they can be fooled too.
Makes it harder: when I go to the wrong website, the manager simply doesn’t suggest credentials (it does not have) for it. That causes me to wonder why.
Without a password manager, a user is never prompted to wonder. They’d simply not notice.
Serinus@lemmy.world 8 months ago
Wait, what? How does autofill get fooled?
gaylord_fartmaster@lemmy.world 8 months ago
Someone manages to maliciously sneak username and password fields onto a site that store what is entered as soon as it’s typed. They don’t even have to be visible to the user and bitwarden will fill them in as soon as the page loads.
Darkassassin07@lemmy.ca 8 months ago
You’ve always got the human element, bypassing security features; but extra little hurdles like a password manager refusing to autofill an unknown url is at least one more opportunity for the user to recognize that something’s wrong and back away.
acosmichippo@lemmy.world 8 months ago
but:
way less convenient to generate dozens and dozens of complex passwords. which means it’s less likely to be used/updated as much as it should be.
not tied into MFA which is an additional layer of security and convenience