this post was submitted on 27 Oct 2023
1302 points (98.0% liked)

Memes

45660 readers
1230 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 21 points 1 year ago (34 children)

Just use a password manager, then you get the benefits of having a single password to remember without the security-related downsides.

[–] [email protected] 19 points 1 year ago (22 children)

I never got over the fact that I somehow need to trust to an absurdly high degree a proprietary software to store ALL my passwords. Is this really a good idea?

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

It's the choice between trusting one company (or if you self host, trusting yourself) to have their security all in order and properly encrypt the password vault. Using one password for every site you use means that you have to trust each of those sites equally, because if one leaks your password because they have atrocious password policies (eg. storing it in plain text), it's leaked everywhere and you need to remember every place you used it before.

Good password managers allow audits, and do at times still get hacked naturally (which isn't 100% preventable). Yet neither of these should result in passwords being leaked. Why? Because they properly secure your master password so it can't be reverse engineered to plain text, and without the master password your encrypted password vault is just a bunch of random bytes. And even in the extreme situation it did, you know to switch to a better password manager, and you have a nice big list of all the places where you need to change your password rather than trying to remember them all.

Human memory is fallible and we want the least amount of effort, because of that we usually make bad passwords. Your average site does not have their password security up to date (There's almost a 0% chance not one of your passwords can be found here). If you data is encrypted accordingly, it doesn't matter if it gets leaked in any way or stolen by some rogue employee, so long as they do not have your master password. So yes, I'd say that's a good idea.

[–] [email protected] 2 points 1 year ago

Nicely said, thanks for the long read!

load more comments (20 replies)
load more comments (31 replies)