I put all my passwords in a text document, then print it on a little strip of paper and shove it up my ass. Whenever I take a crap, I dig it out from the turds and try to memorise some of them again. Then I shove it back up there where noone else can find my data and I won’t lose it.
Google Says Sorry After Passwords Vanish For 15 Million Windows Users.
Submitted 3 months ago by ModerateImprovement@sh.itjust.works to technology@lemmy.world
Comments
ZarkleFarkle@sh.itjust.works 3 months ago
postnataldrip@lemmy.world 3 months ago
Ah yes, KeepAss
Eximius@lemmy.world 3 months ago
Spectacular
And009@reddthat.com 3 months ago
I’m scared of downloading after that Mexican party
ikidd@lemmy.world 3 months ago
sh.itjust.works
ZarkleFarkle@sh.itjust.works 3 months ago
Forgot to mention I delete the text document and set fire to the computer’s hard drive. The passwords are only ever in my ass, with the rest of my personal shit.
Crackhappy@lemmy.world 3 months ago
Following up your own shit post with another shit post is shit post gold.
lemmyvore@feddit.nl 3 months ago
This tracks very close to my idea of the suppository flask stick.
knacht1@lemmy.world 3 months ago
Bitwarden here. Works well.
homesweethomeMrL@lemmy.world 3 months ago
No $10 gift card?
Lame.
daddy32@lemmy.world 3 months ago
“Chrome users” or “Chrome under windows users” would be closer to the truth. Still, quite a screw up.
tdawg@lemmy.world 3 months ago
Something like 2/3rds of the world uses chrome for desktop. I’d bet that number is higher for windows specifically. If you’re the rare person who doesn’t use chrome then you’re savy enough to know this doesn’t apply to you
InternetUser2012@lemmy.today 3 months ago
“Here’s what you need to know” - Avoid anything Google.
sidgames5@lemmy.zip 3 months ago
Keepass has been working with no issues
dan1101@lemm.ee 3 months ago
All of them are vulnerable to bugs though. Just a matter of luck.
IllNess@infosec.pub 3 months ago
Which bugs breaks Keepass encryption?
parpol@programming.dev 3 months ago
[deleted]yggstyle@lemmy.world 3 months ago
A better statement should be: you should remain vigilant and light on attachment to any banner. If an ill wind blows and you don’t like it, it’s time to move. Control your data- aspire to be a digital nomad.
Firefox isn’t without it’s own issues, recently. Google used to be viewed as a paragon once, too.
BearOfaTime@lemm.ee 3 months ago
I don’t use the password manager in Firefox, what a terrible idea.
Use an independent password manager, something purpose-built.
And using Linux? Hahaha, right, right. Call me when there’s a serious OneNote, or even more importantly, Excel competitor. (Or even a standard shell on Linux, or the same set of tools built in).
KLISHDFSDF@lemmy.ml 3 months ago
Call me when there’s a serious OneNote…
OneNote works on the web, but there’s also Notenook if someone is looking for similar features with an app for offline access + End-to-end encryption and open source alternative. I’ve got it syncing to my Android, Windows, Linux and Mac clients without issue.
…or even more importantly, Excel competitor.
There’s OnlyOffice which has a spreadsheet. Yeah it’s not Excel which has existed for a million years, but it should work for the vast majority of users’ basic needs. It may not work for your specific use case, but it is a viable alternative that exists today. If you want more online collaborative features (like the o365 version has) you can use CryptPad, which provides an end-to-end encrypted and open-source collaboration suite, including the web version of OnlyOffice Spreadsheets.
Or even a standard shell on Linux…
What does this even mean? Nearly every major Linux distro sets bash as the default shell, and if not the default, is probably already installed and called if needed. Not sure I understand the problem here.
…or the same set of tools built in
Stick to a single OS and you get the same set of tools built in? This is a strange statement to be making against a system that not only thrives on diversity but has lots of niche systems that require a myriad of default tools.
I do completely agree about not using any browser’s built-in password manager.
lemmyvore@feddit.nl 3 months ago
Firefox Sync was purposefully built too, they didn’t wake up one day to find it on the porch in a basket.
It syncs passwords, works on desktop and mobile and can do some other cool stuff — syncs tabs and bookmarks, alerts you to password breaches, send tabs from one device to another, lets you export your passwords etc. It’s a good password manager.
Hexarei@programming.dev 3 months ago
Funny troll is funny
ZarkleFarkle@sh.itjust.works 3 months ago
Say there’s no standard shell on Linux again and I’ll Bash your head in
tabular@lemmy.world 3 months ago
It is not the software which can lack seriousness, but the developer and the user. One is proprietary, controlling the user - the other is free software and the user is in control (free as in freedom).
Ilovethebomb@lemm.ee 3 months ago
How do you know someone runs Linux?
Don’t worry, they’ll tell you.
ArcaneSlime@lemmy.dbzer0.com 3 months ago
Well, there does keep being more reasons by the day…
krimson@lemmy.world 3 months ago
Recently started using Bitwarden and it works really well. You can even ditch authenticator because it has OTP built in too.
I selfhost it though because I trust nobody with this type of sensitive data, encrypted or not.
redditReallySucks@lemmy.dbzer0.com 3 months ago
By storing your passwords and otp in the same place it becomes 1 factor authentification
EddoWagt@feddit.nl 3 months ago
Not really as you’re still protected from password breaches, which is most likely to happen anyways, especially if you self host.
If you’re actively being targeted for your bitwarden password, you likely have bigger problems
paholg@lemm.ee 3 months ago
Not if you use 2 factor to access the password manager.
krimson@lemmy.world 3 months ago
Technically yes if my vault gets compromised I would be fucked. I have it firewalled tho and only accessible from home (or VPN to home). So should be pretty secure. I used google authenticator but found it a major pita (can’t even search entries on Android, wtf?). If they make this more user friendly I’ll gladly switch back to a seperate OTP store.
trolololol@lemmy.world 3 months ago
Modern problems require modern solutions
Mwa@thelemmy.club 3 months ago
so no more authy? BITWARDEN HAS THAT BUILT IN??? thats AWESOME
Hexarei@programming.dev 3 months ago
So does keepass
qaz@lemmy.world 3 months ago
It is a paid feature though if you don’t selfhost
Dreamless4561@sh.itjust.works 3 months ago
Yep, for only $10 per year. But just make sure to keep backups of your vault and/or make an emergency kit.
WarlordSdocy@lemmy.world 3 months ago
I was thinking about self hosting but I was worried it would be less secure. I don’t really know a lot about setting that kind of thing up (I do have programming experience but don’t have a lot of server hosting experience outside of doing it for games like Minecraft) and I feel like I’d mess it up and it would be a lot easier to get into than a hardened server. Especially cause the odds I get a virus or something is probably higher then the odds someone breaks into bitwarden’s server. Idk if I’m wrong about this, would love to be corrected if I am, was just my initial thoughts when I switched over from a different password manager to bitwarden.
subtext@lemmy.world 3 months ago
If you don’t trust yourself 110%, don’t host it yourself. Too risky. I self-host everything, but I leave email and passwords to someone else because it’s just too important.
SkyeStarfall@lemmy.blahaj.zone 3 months ago
I think the bigger thing to worry about is, what would happen if your server fails or is destroyed? Would you have a backup of all your passwords? And if yes, are those backups updated regularly and stored in a safe place that also won’t get destroyed if the server gets destroyed (like, say, a house fire)?
Then, yes, you got the cybersecurity angle too
It’s a lot to think about for something as important and fundamental to everything you do on the internet as passwords (and accounts)
krimson@lemmy.world 3 months ago
It’s pretty easy to setup using docker, you do need to know that ofcourse and how to setup dns and stuff.
I have it firewalled so my vault is not accessible from the internet, only from home or vpn to home.
ytg@sopuli.xyz 3 months ago
And it can also store passkeys
MrsDoyle@lemmy.world 3 months ago
A friend has a notebook next to her computer with all her passwords in it. Initially I was horrified - what if you’re burgled? - but actually it’s genius. Much more secure than letting a browser remember them, and she doesn’t even need to memorise a Bitwarden password.
captain_aggravated@sh.itjust.works 3 months ago
In a household it’s probably not that bad. There aren’t many people breaking into homes looking for account details.
I’ve had my identity stolen several times, and every single time it was stolen from a Fortune 500 company.
flerp@lemm.ee 3 months ago
I just make all of my passwords password123 then I don’t have to worry about memorizing them
Crashumbc@lemmy.world 3 months ago
Just add the same memorized bit to the end. Something simple like “123” would work. Even if the book is stolen it won’t do them any good.
PlexSheep@infosec.pub 3 months ago
It’s a primitive password manager, primitive because unencrypted and not integrated into your devices, but far better than not having a password manager.
sexual_tomato@lemmy.dbzer0.com 3 months ago
My mom told me that she was made fun of for having a book of hand written account credentials related to running her business (6 people total). I told her it was the best way to do it that wasn’t massively overcomplicated for her situation and to keep it up. The only recommendation I made is that she use different long passwords for every site since she’s already not memorizing them.
Personally I’m not convinced this isn’t the best way unless you’re being targeted by physical bad actors
SkyeStarfall@lemmy.blahaj.zone 3 months ago
What if the notebook gets destroyed or lost, though? That’s my biggest concern here
ChaoticEntropy@feddit.uk 3 months ago
Premium Bitwarden is so cheap and effective that I find it difficult to justify using an alternative.
communism@lemmy.ml 3 months ago
Keepass with syncthing is completely free
Evotech@lemmy.world 3 months ago
Still. Back it up
gregor@gregtech.eu 3 months ago
I self host my own Vaultwarden instance (a bitwarden server written in Rust) and it’s more reliable than Google’s password manager.
boyi@lemmy.sdf.org 3 months ago
I use encfs and sync it to dropbox etc. Then use gopass password manager to store password in the encfs folders. Not fully auto-integrated but good enough for me.
rekabis@lemmy.ca 3 months ago
No-one should be using any password manager built into any browser, neither Chromium-based nor Firefox-based. Browser password databases are almost trivially easy for malware to harvest.
Go with something external, BitWarden or 1Password, or if you are entirely within the Apple ecosystem their new password system built into iOS 18 is apparently really good.
dan@upvote.au 3 months ago
Go with something external, BitWarden or 1Password,
When it comes to security software, I usually recommend sticking to open-source solutions, which is why I’d recommend Bitwarden over 1Password. Their whole stack (backend, frontend, and native apps) are all open-source. A premium account is well worth the $10/year.
You can self-host their server, or self-host Vaultwarden which is an unofficial reimplementation of the Bitwarden backend designed to be lighter weight.
WhyFlip@lemmy.world 3 months ago
I use Keepass. Free, secure, great.
angelmountain@feddit.nl 3 months ago
No password manager is 100% safe. Make back-ups.
robocall@lemmy.world 3 months ago
communism@lemmy.ml 3 months ago
Me when I don’t use Chrome, I don’t use Windows, and I don’t use browser password saving either
FauxPseudo@lemmy.world 3 months ago
That’s definitely a change from companies just leaving passwords around for anyone to find.
Beaver@lemmy.ca 3 months ago
Switches to Proton Pass
Evil_Shrubbery@lemm.ee 3 months ago
They didn’t vanish, it’s just that now only Google has them.
admin@lemmy.my-box.dev 3 months ago
I guess now is as good a time as any for them to start using a proper password manager.
Personally, I recommend Keepass - it has multiple clients for all platforms, and you can keep the file in sync with a program of your own choosing, like Dropbox, syncthing or whatever you like.
Wistful@discuss.tchncs.de 3 months ago
Keepass XC on PC, Keepass DX on Android, Syncthing to sync database
Works flawlessly!
nekusoul@lemmy.nekusoul.de 3 months ago
Most amazingly, this setup is also unexpectedly resilient against merge conflicts and can sync even when two copies have changed. You wouldn’t expect that from tools relying on 3rd party file syncing.
I still try to avoid it, but every time it accidentally happened, I could just merge the changes automatically without losing data.
OfficerBribe@lemm.ee 3 months ago
I store my DB in Dropbox and use KeePass2Android on phone which has built in Dropbox sync.
GissaMittJobb@lemmy.ml 3 months ago
Bitwarden is probably a more pragmatic choice for most users, given that it’s free and without having to manage the syncing yourself.
Any password manager is better than the alternative, though.
314xel@lemmy.world 3 months ago
I’m not sure what you’re comparing it to. Keepass is free too, in fact it’s open source. Also, local software and database is always superior to cloud.
But, I would say you can use any online password manager as long as it’s end to end encrypted, so Bitwarden is a good choice.
SaltySalamander@fedia.io 3 months ago
Vaultwarden ftw
GoJimi@lemm.ee 3 months ago
Exactly! Self hosted FTW. Chances of a data breach… Typically pretty minor if you are smart.
N1ghtstalk3r@lemmy.world 3 months ago
+1 for a self-hosted Vaultwarden instance. If you’re technically capable and have extra hardware laying around this is the best way to go.
tabular@lemmy.world 3 months ago
Shoutouts to paper and pen.
Keep the booklet in a safe place.
admin@lemmy.my-box.dev 3 months ago
If you never, ever need your passwords outside of your home, that’s great advice - it’s as secure as can be against digital theft. Less so against fire though, and backups are out of the question.
maccentric@sh.itjust.works 3 months ago
Typically, the drawer just below the keyboard (in my experience)
Ilovethebomb@lemm.ee 3 months ago
This is the first suggestion here that’s actually within the technical abilities of most people, even most Lemmy users.
The level of technical knowledge some of people here seem to think the general public has is absurd.
suction@lemmy.world 3 months ago
Never trust your credentials to a private company, they could be bought out by state actors.
Katana314@lemmy.world 3 months ago
Never trust your credentials to yourself, you can be bought out by beer, poor decisions, and tripping over the cables connected to your home server you cobbled together.
CosmicGiraffe@lemmy.world 3 months ago
The xz compromise having demonstrated that FOSS projects are totally immune to interference from state actors…