My favorite password manager is KeypassDx. I also use proton pass. What do you use and why?

  • leftzero@lemmynsfw.com
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    16
    ·
    21 days ago

    My brain. A password manager seems like a completely unnecessary single point of failure.

      • leftzero@lemmynsfw.com
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        3
        ·
        20 days ago

        This assumes a) passwords, and b) poor passwords at that.

        Passphrases are easy to remember, extremely hard to crack, and easily customisable for every site, and you don’t need no fucking password manager to store them.

        Though I’ll give you this: password managers are not, after all, necessarily single points of failure.

        If you need a password manager to manage your passwords you’re a much more vulnerable point of failure than your password management bloatware itself.

        correct horse battery staple

        • Communist@lemmy.frozeninferno.xyz
          link
          fedilink
          English
          arrow-up
          7
          ·
          20 days ago

          Or you could not have to remember all of that, have vastly more complex passwords, have it be significantly more convenient.

          I currently have 100+ passwords stored in my password manager, do you actually expect people to remember 100+ unique phrases?

          • leftzero@lemmynsfw.com
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            4
            ·
            20 days ago

            vastly more complex passwords

            Complexity is practically irrelevant when compared to length when it comes to passwords. That’s the point of passphrases.

            do you actually expect people to remember 100+ unique phrases

            You can have a small number of passphrases and simply choose one and add a word or two based on the site. It’s trivial to “remember” an infinite number of unique passphrases if you’ve got an algorithm. 🤷‍♂️

            • Communist@lemmy.frozeninferno.xyz
              link
              fedilink
              English
              arrow-up
              3
              ·
              edit-2
              20 days ago

              Complexity is practically irrelevant when compared to length when it comes to passwords. That’s the point of passphrases.

              are you trolling me? I can have 20,000 character long passwords with a password manager. Length is just an aspect of complexity…

              You can have a small number of passphrases and simply choose one and add a word or two based on the site. It’s trivial to “remember” an infinite number of unique passphrases if you’ve got an algorithm. 🤷‍♂️

              …that makes it significantly less secure and almost defeats the purpose of unique passwords, I could have 20,000 character completely unique passwords with a password manager.

              • leftzero@lemmynsfw.com
                link
                fedilink
                English
                arrow-up
                1
                arrow-down
                4
                ·
                20 days ago

                I can have 20,000 character long passwords with a password manager

                Sure. Most websites will either truncate them or outright reject them due to being too long, but sure.

                Most users, however, will use the 12 to 16 characters auto-generated ones, though, which are sufficiently hard to crack (though not as much as an easy to remember passphrase, not that it matters; the easy to remember part is what matters about passphrases).

                that makes it significantly less secure

                No it doesn’t. Even if a few of the passphrases leak, your algorithm, if well chosen, shouldn’t be easy to reverse engineer… and unless someone is specifically targeting you (and has access to enough of your passphrases) there’s much easier fish to catch; if a leaked passphrase doesn’t work in other sites, no one will waste time trying to figure out if it has some logic to it.

                I could have 20,000 character completely unique passwords with a password manager

                No you couldn’t. You’d have one password and one password manager (which would have all “your” other passwords; as would anyone else with access to your password manager).

                Until you lose access to your password manager, of course… which is bound to eventually happen, due to hardware or software issues or loss of the device if it’s local, or due to network issues, the provider discontinuing the service, or inevitable enshittification if it’s online.

                And, of course, you’ll have a single point of attack from which your password can be leaked (or sold, if it’s an online service) or stolen.

                • Communist@lemmy.frozeninferno.xyz
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  ·
                  edit-2
                  20 days ago

                  Until you lose access to your password manager, of course… which is bound to eventually happen, due to hardware or software issues or loss of the device if it’s local, or due to network issues, the provider discontinuing the service, or inevitable enshittification if it’s online.

                  It has never happened to me and is absolutely not bound to happen, especially if it’s local and backed up…

                  I’d rather remember one REALLY secure password than 100+ bad ones.

        • skuzz@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          2
          ·
          19 days ago

          That’s great until you get hit by a car and can’t remember shit, or your family has to deal with handling your end of life and the only password record was in a blob of tissue in your skull.

          Passwords in general are dumb and should cease to exist, though.