Comment

Comment on God ****** dammit, here we go again

I was thinking about this earlier. The password manager browser plugin I use (Proton Pass) defaults to staying unlocked for the entire browser session. If someone physically gained access to my PC while my password manager was unlocked, they’d be able to access absolutely every password I have. I changed the behavior to auto-lock and ask for a 6-digit PIN, but I’m guessing it wouldn’t take an impractical amount of time to brute-force a 6-digit PIN.

Before I started use a password manager, I’d use maybe 3-4 passwords for different “risks,” (bank, email, shopping, stupid shit that made me sign up, etc). Not really sure if a password manager is better (guess it depends on the “threat” you’re worried about).

source

Sort:hotnew top

gian@lemmy.grys.it ⁨1⁩ ⁨week⁩ ago
If someone can gain physical access to your PC you are done anyway, he van simply copy the file or do whatwver he want

source
sugar_in_your_tea@sh.itjust.works ⁨1⁩ ⁨week⁩ ago
Yes, it is better. The likelihood that someone will physically access your device is incredibly low, the likelihood that one of the services in your bucket gets leaked and jeopardizes your other accounts is way higher.

I set mine to require my password after a period of time on certain devices (the ones I’m likely to lose), and all of them require it when restarting the browser.

it just unlocks with a fingerprint, and I think law enforcement are allowed to force you to biometrically unlock stuff

True, but it’s also highly unlikely that LE will steal your passwords.

My phone requires a PIN after X hours or after a few failed fingerprint attempts, and it’s easy to fail without being sus. In my country, I cannot be forced to reveal a PIN. If I travel to a sketchy country or something, i switch it to a password unlock.

source