It is truly upsetting to see how few people use password managers. I have witnessed people who always use the same password (and even tell me what it is), people who try to login to accounts but constantly can’t remember which credentials they used, people who store all of their passwords on a text file on their desktop, people who use a password manager but store the master password on Discord, entire tech sectors in companies locked to LastPass, and so much more. One person even told me they were upset that websites wouldn’t tell you password requirements after you create your account, and so they screenshot the requirements every time so they could remember which characters to add to their reused password.

Use a password manager. Whatever solution you think you can come up with is most likely not secure. Computers store a lot of temporary files in places you might not even know how to check, so don’t just stick it in a text file. Use a properly made password manager, such as Bitwarden or KeePassXC. They’re not going to steal your passwords. Store your master password in a safe place or use a passphrase that you can remember. Even using your browser’s password storage is better than nothing. Don’t reuse passwords, use long randomly generated ones.

It’s free, it’s convenient, it takes a few minutes to set up, and its a massive boost in security. No needing to remember passwords. No needing to come up with new passwords. No manually typing passwords. I know I’m preaching to the choir, but if even one of you decides to use a password manager after this then it’s an easy win.

Please, don’t wait. If you aren’t using a password manager right now, take a few minutes. You’ll thank yourself later.

  • helpImTrappedOnline@lemmy.world
    4·
    29 days ago
    1. Ultimitaly its up to the user to remember the master password. I’m not familiar with how bitwarden works, but do use keepssXC. I hear bitwarden is better for less techical people due to having built in account/sync options. (You can also self-host BW if you want)

    Keepass is file based, it is up to you to backup the file, for most users putting it an auto-synced cloud drive folder is their best bet. It’s automatic, multi-platform and offsite. Many technical users use sync thing (or equivalent) to manage the file across multiple backup locations.

    KeePassXC is essentially a GUI for KeePass datbase, like word and openoffice can both open a .doc file, multiple programs can open a keepass file. If KeePassXC dies, theres others options for opening the file.

    That being said, IOS options suck, theres one called Strongbox that is, in my opinion, the best. Its not FOSS like the others. Free version works 100% no problems, but they ask a high $20/yr sub or $90 lifetime for a handful of nonessential features (I’d love an decent alternative if anyone has one).

    For Android I like KeepassDX and Keepass2Android.

    1. Getting hacked is a legitimate concern. However the greatest risk is still duplicate passwords. The time it will take crack an individual database is going to be less well spent than dumping a million username/password sets into a thousand sites and hoping for a match.

    Realistically, if you’re the specific target of a hacker going specificaly after your database files you’re best off freezing your credit and bank accounts.

    If your database gets hacked, there are a few ways you can midigate the damge, its up to an individual to balance convince and security.

    First is 2fa. Keepass works great for TOTP 2fa, with browser integrations, its a breeze signing into sites. If you want more security, you would have a seperate database file with a different master password for 2fa. Now a hacker needs to crack 2 databases.

    Another way to midigate the risk is to seperate whatever emails you use from the main bunch, this way if the main databse gets compromised, you won’t lose the emails that let you reset everything else. If the email gets cracked, they won’t have a convient list of accounts to go mess with. Also make sure the emails have all the security and recovery options available setup.

    3, bonus round Finally for fincial security, don’t have your credit card saved on every site. I don’t let most of them store it all and use privacy.com for pretty much every thing these days. Set transaction limits on regularly used sites, and set up a “1-time use” card for anythibg irregular.

    Even if some brakes into, for example my amazon account, they are going to find a $100 purchase won’t work. I’ll get an email and can just cancel the privacy card for amazon (I’d probably kill them all to be safe) and then work on resecuring everything.

    To top it off Privacy.com it self has a dedicated credit card attached with a strict limit to midigate damge.

    • Preflight_Tomato@lemm.ee
      3·
      29 days ago

      For privacy.com:

      • great for anyone in the USA
      • don’t worry about difficult subscription cancellations again, just turn that one’s dedicated card off
      • I have personally blown past the daily spend limit of 250$ without issue, idk if that limit is real. The 1000$/mo may be though I’ve never hit that.
      • I’ve used privacy.com for everything from Amazon to car insurance to gym memberships.

      On credit freezes:

      • a freeze means that your consumer report will not be shared, which means applications for credit in your name will be denied
      • all USA consumer reporting agencies (data brokers) are legally required to freeze sharing of your reports for free upon your request
      • you can temporarily unfreeze when you get a new credit card, apply for rental property, etc.
      • don’t let them upsell it or try to direct you to another page with similar language, it is free
      • credit monitoring products need to request your report to see if any new accounts have opened. Don’t monitor it, prevent it by freezing the reports
      • freezes are required for any data broker, not just credit. This includes LexisNexis (job history), and presumably the ones that do rental and vehicle ownership history though i don’t know their names.
      • helpImTrappedOnline@lemmy.world
        1·
        28 days ago

        I was talking about the individual card limits that can be set, those definatly work.

        Edit, looking my account, I too have 250daily and 1000 monthy limit. The next paragraph might be be outdated?

        I know the total daily limit is “adaptive” or something set based on your spending habits. I’d prefer setting the limit myself, but it is what it is.

        • Preflight_Tomato@lemm.ee
          1·
          27 days ago

          It at least used to be adaptive because at one point it went to 500$ for me, then changed back down a couple months later.