Asklemmy

44362 readers

2 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy 🔍

If your post meets the following criteria, it's welcome here!

Open-ended question
Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
Not ad nauseam inducing: please make sure it is a question that would be new to most members
An actual topic of discussion

Looking for support?

Looking for a community?

Lemmyverse: community search
sub.rehab: maps old subreddits to fediverse options, marks official as such
!lemmy411@lemmy.ca: a community for finding communities

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago

MODERATORS

How do you deal with passwords? Password manager? Txt file? Do you use biometrics on devices that have them? (lemmy.dbzer0.com)

submitted 2 years ago* (last edited 2 years ago) by 001100010010@lemmy.dbzer0.com to c/asklemmy@lemmy.ml

58 comments fedilink hide all child comments

I was gonna ask about the biometrics part in a separate question, but its both about security, so might as well combine it in one post.

Okay so I don't use password managers. I just try to make easy to remember passwords 3-4 random words + 3-4 random numbers. ~~Online accounts can't be brute forced anyways.~~ Edit: I mean most websites have log in limits don't they? Maybe I've been mistaken?

For offline accounts, I just increase the words and numbers. For mobile I don't use biometrics, although I've been testing whether or not I want a pin + no biometrics or alphanumeric password + biometrics. I just can't decide.

you are viewing a single comment's thread
view the rest of the comments

[–] frustbox@lemmy.ml 1 points 2 years ago

Several points

They generate strong passwords - completely random with no scheme or method to guess. They are long and use many different characters. These won't be easy to memorize, but that's the point of a password manager, isn't it? Much stronger than "google-monkey123", "lemmy-monkey123" etc.

They generate unique passwords - different passwords for every login. When, inevitably, one website had their database breached and it turns out that they stored the passwords too (you never store the passwords, only a "hash", a scrambled version of it), that password of yours can't be used on other websites. Or any scheme be detected "hey that guy just appends 'monkey123' to the name of the site!"

They protect you from phishing - consider this scenario: you get a message with a link, you click on it and the site asks you to log in, so you type in your login and password, but that was a phishing site, it looked like the real website, but really it wasn't. And now the attacker knows your username and password. A password manager that automatically fills your login details will only do so if the domain name is exactly correct, on a phishing site it will not auto-fill, giving you a moment to stop and think.