I use a password manager in my personal life but my job doesn’t allow it so I have to keep the 10 or so passwords I have for various vendor sites in my notes. All my passwords are the same thing with slight variations to meet the different asinine password policies the different sites use. It’s fucking stupid but I don’t care if they’re not going to give me a good way to keep all this shit straight.
Comment on God ****** dammit, here we go again
1984@lemmy.today 1 day ago
For me, if this happens, it has no impact since almost every page i sign up to has a unique password.
Use a password manager. Simple.
lightnsfw@reddthat.com 13 hours ago
1984@lemmy.today 11 hours ago
Totally fair. I also dont care if company blocks things i need to do it right.
MadPsyentist@lemmy.nz 14 hours ago
1Password and Bitwarden both work across multiple devices, os’s and browsers. Work uses 1Password which i have on work computer and work phone. i use bitwarden across home desktop, laptop, phone, homelab, testing phones
Ironfist79@lemmy.world 17 hours ago
That would be great if I only used one browser on one device with one operating system. Between my work laptop, my Macbook, my phone, and my gaming PC nothing syncs and it’s very difficult to share storage between all of them.
1984@lemmy.today 17 hours ago
You can install bitwarden on all those devices. Maybe im not fully understanding…
Trigger2_2000@sh.itjust.works 17 hours ago
Yeah, just tell your work IT staff that you need admin rights to your workstation so you can “install the software you want to” (that they don’t supply or support or update).
See how well that works. /s
1984@lemmy.today 17 hours ago
Ah right. Sorry, I just always used Linux wirh admin rights since I work in IT.
kazerniel@lemmy.world 14 hours ago
I share my Bitwarden account among 4 browser profiles on 2 PC-s.
Jax@sh.itjust.works 17 hours ago
I don’t think anyone just uses one device anymore, pretty sure there are workarounds.
Pyr_Pressure@lemmy.ca 14 hours ago
How unique do passwords have to be in order to be considered safe? If they follow a pattern are they still safe or do these bots try alterations to the leaked passwords as well?
Like if your password to Reddit was reddit1234 and your password to Google was google1234, if the Reddit password leaked is your Google one still okay?
Probably not if it’s a human but bots shouldn’t be able to figure that out ya?
1984@lemmy.today 14 hours ago
They are competely random strings for each site, so having one will not help crack the other.
But if people pick their own passwords, it tends to be some word like you wrote, and then a hacker could try and crack the others by guessing similar words.
IMALlama@lemmy.world 1 day ago
Same, but I do have some level of worry regarding portability. My solution isn’t local or self hosted, as I was looking for easy and works across Linux/Windows/Mac/Android/iOS. I do not look forward to needing to change to a new password manager in the future, but given the way everything seems to be going it seems likely that I’ll have to at some point.
mlg@lemmy.world 1 day ago
It takes a little more effort to setup, but the alternative to syncing a local keystore db like KeePassXC would be vaultwarden, which is a self hosted open source Bitwarden server that gives you all the features of Bitwarden and has full compatibility with all the clients.
Spinning it up is actually very easy, you just have to decide if you want to integrate SSL via a reverse proxy setup or just use the builtin webserver for HTTPS.
L7HM77@sh.itjust.works 1 day ago
KeePass and syncthing. I use Keepass2 on a Linux desktop and laptop, KeePassDX on Android, and use syncthing to keep everything synchronized and up to date, also using an old raspberry pi to act as a central server for syncthing.
Modifying the database on one device seamlessly updates the other devices once they’re visible on the network, everything works beautifully and is very easy to set up on a local network.
Pretty much default configuration all the way around, just gotta make sure syncthing starts on boot. Just did a brief search, syncthing seems to have a MacOS fork, and iOS will need Möbius Sync, which is paid but the free tier offers 20MB storage sync which is overkill for KeePass.
digdilem@lemmy.ml 1 day ago
Right answer. In fact, the only viable answer.
1984@lemmy.today 1 day ago
I think its almost a crime that browsers havent evolved to make users generate unique, secure passwords by default. Its just another huge sign that these browser companies dont care about security or privacy, despite their marketing departement rabbling those words.
I dont think there has been any evolution at all in this area…
CucumberFetish@lemmy.dbzer0.com 1 day ago
Firefox generates random passwords for you by default. You have to disable it in the settings if you want to use another password manager besides Firefox’s built in one.
Rooster326@programming.dev 1 day ago
You can right click any password field in Chrome and the first option is “generate random password”.
2 Issues are the they (1) it is completely unreadable by humans instead of being a passphrase, and (2) The generator does not read any rules off the page so you might have to add a special character.
But the functionality has existed for over a decade