this post was submitted on 29 Apr 2025
100 points (95.5% liked)

iiiiiiitttttttttttt

442 readers
1318 users here now

you know the computer thing is it plugged in?

A community for memes and posts about tech and IT related rage.

founded 1 week ago
MODERATORS
irelephant@programming.dev
Irelephant@lemm.ee
100
I wish some people could learn how to use a password manager. (programming.dev)
submitted 3 days ago by irelephant@programming.dev to c/iiiiiiitttttttttttt@programming.dev
10 comments fedilink hide all child comments
 

TranscriptA meme saying "Society if end users remembered their passwords." it is accompanied by a picture of a futuristic city.

top 10 comments
sorted by: hot top controversial new old
[–] Letstakealook@lemm.ee 13 points 2 days ago (1 children)

I have approximately 12 different passwords to remember for work, all with separate requirements, the longest of which lasts 3 months. I work in a kitchen. Is someone going to steal my password in order to...monitor the temperature and humidity of our dry storage? Unlikely. Sometimes, password requirements and constant changing, while a "best practice," leads to a larger headache than the actual risk.

[–] tophneal@sh.itjust.works 22 points 2 days ago (2 children)

Don’t believe anyone who says constant changing of passwords is “best practice,” it’s not. The constant changing typically leads to less secure passwords and practices by end users.

[–] Ptsf@lemmy.world 2 points 10 hours ago* (last edited 10 hours ago)

Constant password expiration was/is an attempt to get users to rotate passwords after they themselves have disclosed/otherwise compromised their sign on information or abandoned/orphaned their account. It's a drag net. A stupid one. But ironically if it was enforced on all active accounts, it's a drag net that would've even saved Microsoft from compromise by the Russians. So it does have it's uses in some regard, but to be honest it seems like the state of all security and authentication mechanisms is currently in between 💩 and 🗑️🔥 as far as design and intuition goes. Why I need a password manager for 1000+ accounts instead of being able to generate/sign my own cryptographic authentication tickets in an intuitive way is beyond me. Passkeys is getting there, but having used them, I can still definitively say the implementation is unintuitive trash. (https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/ )

[–] entwine413@lemm.ee 5 points 2 days ago

It's discouraged by NIST now too. Basically the only requirement is that you have some sort of policy in place.

[–] HEXN3T@lemmy.blahaj.zone 6 points 2 days ago

Society if fucking password manager

[–] BatmanAoD@programming.dev 7 points 2 days ago

Nah, this is society if we move past needing so many passwords. Passkeys, federated logins, and one-time login codes are all preferable.

[–] LambdaRX@sh.itjust.works 9 points 2 days ago

I don't know my passwords, so I can't be forced to reveal them if I delete my password database.

[–] potoo22@programming.dev 1 points 2 days ago (1 children)

I used bit warden to randomize and keep my passwords, have 2f auth, and use a bio sensor to unlock it on my phone. I imported hundreds of accounts from last pass. I only used it on my phone and used the bio sensor to unlock it. I forgot the master password after 3 months and had to create a new account with the old import. Only lost 3 months of updates, but still. Learned my lesson.

[–] irelephant@programming.dev 2 points 2 days ago

I use keepas xc with a ridiculously long password, and I've uploaded it to every device I own and to proton cloud.

Most passwords are randomly generated and 30 chars long.

[–] misterdoctor@lemmy.world 2 points 2 days ago

Actually they never set that password, it must have been the guy at the store who did it because they didn’t do it, and they most certainly didn’t forget it.