• Rikj000
    link
    fedilink
    English
    arrow-up
    52
    ·
    edit-2
    7 months ago

    2 words for you:
    Password Manager

    Get around to using one :P

    I only remember my password to my PW manager, which additionally is encrypted with a key file to increase security.

    The rest of my PWs are 128 character long random generated PWs, with capitals, numbers, special characters etc…

    • RubberDuck@lemmy.world
      link
      fedilink
      arrow-up
      12
      ·
      7 months ago

      Yep. Several years ago I switched and it took a little getting used to. But now I would not want it any other way. The plugins in the browsers make it convenient and also a proper app on your mobile and you are set to go. Click on a password field and then you can click on the plugin to fill the fields.

    • AbsurdityAccelerator@lemmy.world
      link
      fedilink
      arrow-up
      6
      ·
      7 months ago

      I wish all my passwords were 128 characters. Most sites won’t allow anything that complex. Because apperantly making the password hash field longer is hard /s

    • mormund@feddit.de
      link
      fedilink
      arrow-up
      4
      arrow-down
      1
      ·
      7 months ago

      Where do you keep the key file and the PW managers DB? I feel like they would be too much side-by-side to really increase security in my case

      • Rikj000
        link
        fedilink
        English
        arrow-up
        4
        ·
        7 months ago

        I won’t disclose where I store mine.

        But I’d recommend to:

        • Not backup your PW manager’s database + key file in the same location
          (That would decrease security, x1 data breach would allow them to easily brute force your PW DB since they’ll have the key)
        • Not go with a PW manager that does not allow you to choose a location where you desire to backup to (Seen plenty of mainstream PW managers getting data breached by now, so going with a cloud, which is not solely used for PW managers, has an advantage imo, since they tend to be less targeted by hackers)

        I’ve been happily using KeeWeb + Keepass2Android for years now:

      • Krafty Kactus@sopuli.xyz
        link
        fedilink
        English
        arrow-up
        3
        ·
        7 months ago

        You could use a USB drive that you only ever plug in to open the password manager. It’s not the most secure option but it’s a bit better than no key file at all.

        • mormund@feddit.de
          link
          fedilink
          arrow-up
          3
          ·
          7 months ago

          Can’t use it with a phone though. To be honest, I think just having a password manager gives you protection against 99% of the attack surface. And if someone is really determined, I’m not sure the key file will be hard to obtain for them no matter what. But I was curious what setup others have

          • lud@lemm.ee
            link
            fedilink
            arrow-up
            3
            ·
            7 months ago

            If someone is really determined to attack you specifically they will just get a wrench.

        • voxel@sopuli.xyz
          link
          fedilink
          arrow-up
          1
          arrow-down
          1
          ·
          edit-2
          7 months ago

          or store the key in a tpm chip protected by password +biometric auth? that’s what kost OSs do for storing passkeys and encryption keys

      • petrescatraian@libranet.de
        link
        fedilink
        arrow-up
        3
        ·
        edit-2
        7 months ago

        @mormund I used to store them in a paper notebook, away from the prying eyes of malware and other shenanigans. Now I also have them in a password manager for easy access in case I need them, if the account supports 2FA TOTP.

        @Rikj000

    • I_Has_A_Hat@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      7 months ago

      I have tried to use a password manager like 3 separate times now and can never seem to get the hang of it

  • Destide@feddit.uk
    link
    fedilink
    English
    arrow-up
    5
    ·
    7 months ago

    Use bitwarden with a yubikey so you can double forget all of them quicker

  • Evil_Shrubbery@lemm.ee
    link
    fedilink
    arrow-up
    4
    ·
    edit-2
    7 months ago

    I really appreciate that one last look Tom gives, it’s the same way I look at the already decomposing carcass of my fancy new password, as if ‘I will surely remember you’.