588
top 50 comments
sorted by: hot top controversial new old
[-] admin@lemmy.my-box.dev 158 points 4 months ago

I guess now is as good a time as any for them to start using a proper password manager.

Personally, I recommend Keepass - it has multiple clients for all platforms, and you can keep the file in sync with a program of your own choosing, like Dropbox, syncthing or whatever you like.

[-] GissaMittJobb@lemmy.ml 62 points 4 months ago

Bitwarden is probably a more pragmatic choice for most users, given that it's free and without having to manage the syncing yourself.

Any password manager is better than the alternative, though.

load more comments (6 replies)
[-] Wistful@discuss.tchncs.de 57 points 4 months ago

Keepass XC on PC, Keepass DX on Android, Syncthing to sync database

Works flawlessly!

[-] nekusoul@lemmy.nekusoul.de 21 points 4 months ago

Most amazingly, this setup is also unexpectedly resilient against merge conflicts and can sync even when two copies have changed. You wouldn't expect that from tools relying on 3rd party file syncing.

I still try to avoid it, but every time it accidentally happened, I could just merge the changes automatically without losing data.

[-] Shatur@lemmy.ml 11 points 4 months ago

How did you enable merge conflict resolution for KeePassXC databases?

load more comments (3 replies)
load more comments (3 replies)
[-] SaltySalamander@fedia.io 34 points 4 months ago
[-] GoJimi@lemm.ee 17 points 4 months ago

Exactly! Self hosted FTW. Chances of a data breach.... Typically pretty minor if you are smart.

[-] pennomi@lemmy.world 19 points 4 months ago

Chances of losing the data is higher with selfhosting too. Unless you’re doing some sort of multizone replication, or course.

[-] nialv7@lemmy.world 10 points 4 months ago

I use syncthing so there's a copy of my password database on each of my devices.

load more comments (5 replies)
load more comments (3 replies)
load more comments (4 replies)
load more comments (22 replies)
[-] ZarkleFarkle@sh.itjust.works 133 points 4 months ago

I put all my passwords in a text document, then print it on a little strip of paper and shove it up my ass. Whenever I take a crap, I dig it out from the turds and try to memorise some of them again. Then I shove it back up there where noone else can find my data and I won't lose it.

[-] postnataldrip@lemmy.world 209 points 4 months ago
[-] Eximius@lemmy.world 11 points 4 months ago

Spectacular

load more comments (1 replies)
[-] ikidd@lemmy.world 75 points 4 months ago

sh.itjust.works

[-] ZarkleFarkle@sh.itjust.works 49 points 4 months ago

Forgot to mention I delete the text document and set fire to the computer's hard drive. The passwords are only ever in my ass, with the rest of my personal shit.

[-] Crackhappy@lemmy.world 22 points 4 months ago

Following up your own shit post with another shit post is shit post gold.

load more comments (4 replies)
[-] knacht1@lemmy.world 104 points 4 months ago

Bitwarden here. Works well.

[-] homesweethomeMrL@lemmy.world 86 points 4 months ago

No $10 gift card?

Lame.

[-] daddy32@lemmy.world 78 points 4 months ago

"Chrome users" or "Chrome under windows users" would be closer to the truth. Still, quite a screw up.

[-] tdawg@lemmy.world 12 points 4 months ago

Something like 2/3rds of the world uses chrome for desktop. I'd bet that number is higher for windows specifically. If you're the rare person who doesn't use chrome then you're savy enough to know this doesn't apply to you

[-] rekabis@lemmy.ca 53 points 4 months ago

No-one should be using any password manager built into any browser, neither Chromium-based nor Firefox-based. Browser password databases are almost trivially easy for malware to harvest.

Go with something external, BitWarden or 1Password, or if you are entirely within the Apple ecosystem their new password system built into iOS 18 is apparently really good.

[-] dan@upvote.au 24 points 4 months ago* (last edited 4 months ago)

Go with something external, BitWarden or 1Password,

When it comes to security software, I usually recommend sticking to open-source solutions, which is why I'd recommend Bitwarden over 1Password. Their whole stack (backend, frontend, and native apps) is all open-source. A premium account is well worth the $10/year.

You can self-host their server, or self-host Vaultwarden which is an unofficial API-compatible reimplementation of the Bitwarden backend designed to be lighter weight. Note that Vaultwarden is unofficial and hasn't gone through the same security audits as Bitwarden has. It's a good piece of software though.

load more comments (4 replies)
[-] WhyFlip@lemmy.world 11 points 4 months ago

I use Keepass. Free, secure, great.

load more comments (2 replies)
load more comments (6 replies)
[-] InternetUser2012@lemmy.today 53 points 4 months ago

"Here's what you need to know" - Avoid anything Google.

load more comments (1 replies)
[-] sidgames5@lemmy.zip 51 points 4 months ago

Keepass has been working with no issues

load more comments (7 replies)
[-] krimson@lemmy.world 44 points 4 months ago

Recently started using Bitwarden and it works really well. You can even ditch authenticator because it has OTP built in too.

I selfhost it though because I trust nobody with this type of sensitive data, encrypted or not.

[-] redditReallySucks@lemmy.dbzer0.com 38 points 4 months ago

By storing your passwords and otp in the same place it becomes 1 factor authentification

[-] EddoWagt@feddit.nl 17 points 4 months ago

Not really as you're still protected from password breaches, which is most likely to happen anyways, especially if you self host.

If you're actively being targeted for your bitwarden password, you likely have bigger problems

load more comments (1 replies)
load more comments (12 replies)
load more comments (19 replies)
[-] MrsDoyle@lemmy.world 24 points 4 months ago

A friend has a notebook next to her computer with all her passwords in it. Initially I was horrified - what if you're burgled? - but actually it's genius. Much more secure than letting a browser remember them, and she doesn't even need to memorise a Bitwarden password.

[-] captain_aggravated@sh.itjust.works 33 points 4 months ago

In a household it's probably not that bad. There aren't many people breaking into homes looking for account details.

I've had my identity stolen several times, and every single time it was stolen from a Fortune 500 company.

[-] flerp@lemm.ee 17 points 4 months ago

I just make all of my passwords password123 then I don't have to worry about memorizing them

load more comments (7 replies)
[-] Crashumbc@lemmy.world 13 points 4 months ago

Just add the same memorized bit to the end. Something simple like "123" would work. Even if the book is stolen it won't do them any good.

[-] jabjoe@feddit.uk 10 points 4 months ago
[-] sunred@discuss.tchncs.de 12 points 4 months ago
load more comments (1 replies)
load more comments (13 replies)
[-] robocall@lemmy.world 22 points 4 months ago
[-] shiypc@lemm.ee 16 points 4 months ago

feel like "aaand it's gone" would fit better here

[-] ChaoticEntropy@feddit.uk 22 points 4 months ago

Premium Bitwarden is so cheap and effective that I find it difficult to justify using an alternative.

[-] communism@lemmy.ml 10 points 4 months ago* (last edited 4 months ago)

Keepass with syncthing is completely free and doesn't rely on cloud hosting

load more comments (5 replies)
[-] angelmountain@feddit.nl 21 points 4 months ago

No password manager is 100% safe. Make back-ups.

[-] FauxPseudo@lemmy.world 13 points 4 months ago

That's definitely a change from companies just leaving passwords around for anyone to find.

[-] communism@lemmy.ml 11 points 4 months ago

Me when I don't use Chrome, I don't use Windows, and I don't use browser password saving either

load more comments
view more: next ›
this post was submitted on 28 Jul 2024
588 points (98.5% liked)

Technology

59861 readers
3735 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS