Android @lemmy.world NewYorkRush @lemmy.ca 1 yr. ago

Opinion - What are your thoughts on password managers? Do you use one? Would you recommend it to others?

BeyondCombustion.net @lemmy.beyondcombustion.net ProfessionalHandJob @lemmy.beyondcombustion.net 1 yr. ago

You're viewing a single thread.

1K comments

I dont use password managers.

I just use a set of random words + random numbers, usually something related to the website, the time period (like major global events), maybe just the mood I'm in when I created the password.

Example: For Lemmy, I might use IslandMazeMouse0216 (I do not use the password btw, never used this before and now never will, don't try hacking me lol)

"Island" because the fediverse is like a bunch of islands, that formed together into one fediverse, "Maze" because this shit is confusing, and "Mouse" because the Lemmy logo looks like a mouse, 0216 because of June 12, the day the protest began, 0612, but reversed, but not reversing the 0, so 0 216.

Now I feel dumb for explaining, but also want to hear opinions.

But you see, it doesn't matter. Most websites have login limits so you can't really brute force the password. I just hate "password managers", if I were getting old, I'll probably just put my passwords inside a Standard Notes note, or just put it in a txt and use 7Z AES256 and upload it to a few cloud services.

For offline passwords, like a Windows Veracrypt encryption password, I use 5-8 random words with 5-7 random numbers and increasing the PIM.

For mobile, I use like 16-25 digits numerical pin, alphanumeric passwords are just too hard to type. I've been experimenting with long alphanumeric password + biometric, or a pin, and honestly idk which is better. I don't want someone accessing my phone while I'm sleeping, I might forget to turn off biometrics before I sleep.

I'm not gonna encourage everyone to do what I do, I am not a security expert, just some dude on the internet, but I just want to share how I deal with passwords. Feel free to criticize any flaws. 😅
- You didn't give your password but you gave your method for creating them which is not the best idea you know
- I don't use the random generated passwords cuz they're hard to read. And some dumb forms disable copy/paste stuff.
  
  I get all my passwords from usapassphrase.net, and then usually capitalize the words, separated by periods, with 69 appended to the end.
  
  It's easy to remember or type, and it also typically works for password rules around casing, numbers, and special character inclusion. Plus 4 word passphrases tend to be a lot of characters, providing a nice long password which is good for security.
- Few critiques, not personally towards you at all but I really don't think people should follow this approach
  
  People can have hundreds of different passwords across various sites this really isn't achievable
  
  Human memory is terrible as well, it's not a matter of if you forget it's when
  
  Storing in a standard notes file is absolutely terrible security, it's also extremely unusable once you have more than a couple passwords
  
  I really suggest to people using a password manager, most of them have apps for your phone and plugins for your web browser to allow you to autofill. They also allow you to randomly generate passphrases/codes for different sites and the autofill means you never have to remember a single one whilst having extremely strong passwords
  
  I'd recommend looking into either Bitwarden or 1Password

You've viewed 1024 comments.