Who TF isn’t using a password manager in 2025? Like how would you even function?
EDIT: Y’all need to stop replying with your password generation strategies. JFC it’s like you’re asking someone to pwn your shit.
My employer, a fortune 500, blocks password managers and all other add-ons.
When will he be hacked.... Let's place bets everyone!
My employer, a 12 people big company, nowhere near any fortune list, mandates the use of 1password for all company related accounts.
Ah but you see there's the problem, you don't have a committee to launch a working group that puts together investigative teams to research and write reports on the benefit of the solution, the ROI of the solution, the training costs of the solution, stakeholder buy in of the solution, and potential alternatives to the solution. You need at least a 10 month process before one jackass says they don't want the solution so the committee can recommend to management that the solution be abandoned.
God damn, you sure you're not a politician?
Insinuating that I may be a politician is the most insulting thing someone has said to me in a while, well done. And no I'm not, I'm just a guy who spent over a decade self-employed then went into the corporate world and tried to bring my innovate quickly mindset with me and very quickly found out that even a simple change requires that only affects my department required 5 different people from outside our department to sign off on the change and each one of them assigned 1 or more people to research and report on the change. Losg story short, after a while I found out what was going on and why nothing ever got adopted and I being a snarky asshole learned there corporate buzzwords and started stringing them into the proposals.
Wasn't intended as an insult, just a joke at your sarcasm reminding me of how politicians talk
I was also joking, I assumed you were joking.
Federal and State jobs you can’t use password managers.
My federal job came with one pre-installed.
Yeah idk about that. I've worked in state govt for a very long time and our cybersecurity controls essentially mandates we use one. I'm also in our security audit team and have to talk to state offices about our NIST controls regularly. And the NIST DOD controls are even more stringent than ours. Something sounds off.
Because they seem to fall into two categories. Those that have been compromised
And those who haven't.... Yet
I use modified “HorseBatteryStaple” style passwords. I have a couple base phrases that I always remember, with special characters and numbers inserted. I modify them bit by bit for different sites, and keep a list of the changes - only the changes. Anyone who looks at the list would see random words, numbers, or symbols without context; only I know how it all fits together.
For example, let’s pretend HorseBatteryStaple1! Is my default password. I may have “cell phone, machine 5” on the list. That would mean the password for my cell phone’s payment website modifies the default password by changing one of the words in HorseBatteryStaple to “machine” and the number 1 to 5.
I know password managers exist, but I like to try to remember my own passwords. Especially since I may need them across different devices, including my work laptop that I can’t download new programs onto.
Caution, reusing parts of your passwords like that significantly reduces the effective entropy.
If someone fin HorseBatteryStaple1! in a plaintext leak, then they only need to guess one word and one number to get you phone password (assuming they know your format or use a matching heuristic).
Finally can't take it anymore
Downloads a Password Manager
Password Manager: "Please create a unique master password to begin"
That's one password, and then use 2FA or a passkey or a yubinkey or anything to secure it so the security of the password isn't a big deal
Then go to every single thing you have a password for, and have the password manager set it to something random. I personally like pass phrases get it up in the teens of characters multiple words multiple numbers multiple special characters. 99.9% of the time you shouldn't be typing any of this in. It should be injected for you. If per chance you should need to type one of them in typing in four or five words some numbers and some special characters is not really a horrible grievance.
Get a password manager. It's a lot more secure and easier to only have to remember one strong main password and have the rest randomly generated
^ I love Bitwarden
I enjoy self hosting it
(Rather vaultwarden)
Store the passwords using KeePass; it is awesome, secure, and free. I've used it for nearly 20 years. Never once had a problem.
Bonus points if you use a comma for a special character, because I hear commas are a small inconvenience for hackers scraping usernames, passwords en masse. Fuck those guys.
Many (most?) password managers, including KeePass, have a feature to generate passwords directly in the tool.
For everybody commenting on passwords manager, I've been using one for years now and I feel this so bad. My company has a password policy of changing the LAPTOP's password every 8 weeks and you can't reuse any of the last 10 passwords used. I hate it because I can't use a password manager to unlock my laptop and I'm so used to password managers by now that it's getting really hard to come up with new passwords that follow the stupid requirements and even worse remembering them. I'm veeeery close to just start noting them down in a notebook by my machine and then send a picture to our security guy to show him where he has gotten us all to
I save it my password manager and can pull it on other devices. Still annoying, but not the worst. Honestly the worst is passwords with a character limit, and even worse when it's "small" like 16
You should do that unironically. The current best practices advises against frequent password changes for exactly that reason.
Write a script that sets the password to 10 different passwords, then back to your original password.
I do agree that's a particular case that can't be solved by a password manager. But it's all the more reason to use one elsewhere to reduce how many you need to remember.
I have to remember only 3 secure passwords. My personal computer, my work account, and my password manager. Those are the only three I have to type in manually. And because they're secure and unique, for stupid work password change requirements I just increment the last character.
Quick question friends:
If I'm already using bitwarden and decide to switch to self-hosting it; can I import my usernames and such?
I would most likely change all the passwords, but being able to migrate the websites (with corresponding username) would be kinda nice
You should be able to export and import all your logins as a file. I did this when i moved from lastpass to bitwarden a while back
Has to be 16 characters
So long as I can use more than that, I won't complain. I don't remember the service, but I definitely remember one where they wouldn't allow over a certain amount of characters and that was annoying because that was when I was still using repeat passwords back in highschool. My preferred password at the time was roughly 20 characters, but apparently that was too much because who cares about security, am I right?
It's even worse when they have a limit and don't enforce it consistently. I had to submit a bug report to my bank because I made a 24 character password at account creation but the login page only allowed 16 characters.
What painting is that?
Here's what you do: Generate long random string, for example: P5edM5Ce0SGE0rOr9k&#T*wG@d$og^qyBTk2@%dmO@2akbm!b^5^p!bH8w7Ei7gPSIR^1Er&hab3ae@0odk3h76Ka48kYtXrsburM$7rf^vPRwXz1s5guO&$PZz3@w
Memorize it.
For each site just choose a number and select 16 characters starting at this number.
Remember which page uses what number. E.g. google = 32 -> &#T*wG@d$og^qyBTk2
Done. You don't have to remember any more passwords for the rest of your life.
Here's what you do
^can^ ^you^ ^say^ ^that^ ^a^ ^bit^ ^quieter^ ^please,^ ^we're^ ^at^ ^a^ ^wedding^
Folks will rather memorize 100 random ASCII chars than use a password manager
Hmm... if a bunch of matchsticks fall on the floor, do you immediately know how many there are? If you do, I may have some news for you 🤣
If you don’t want to use a password manager it’s not that hard to create long passwords. Just create a nonsense sentence with a misspelling with a character between each word and add some obscure personal info that isn’t directly linked to you, like a phone number of an old childhood friend or pizza place you used to call often when you were young so it’s easy to remember but not info another person can find about you. Then add a special character.
Like:
Wideo1Pasta1Is1The1Grawy1555-22334!!!
And in six weeks... It's time to change your password! No repeats.
1. Be civil
No trolling, bigotry or other insulting / annoying behaviour
2. No politics
This is non-politics community. For political memes please go to !politicalmemes@lemmy.world
3. No recent reposts
Check for reposts when posting a meme, you can only repost after 1 month
4. No bots
No bots without the express approval of the mods or the admins
5. No Spam/Ads
No advertisements or spam. This is an instance rule and the only way to live.
A collection of some classic Lemmy memes for your enjoyment
