Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
Use a password manager, write the master password down and keep it as safe as needed for your risk model (maybe put it in a small container on your physical keychain).
Additionally you can let the browser store all the credentials for the "not really worth protecting, but site wanted me to make one" accounts. -
Have you tried using a system for new passwords which say uses full or partial name of the app / site / whatever you are registering mixed in particular way ( may be systematic again ) w/h something you know you wont gorget and then the only thing you need to remember is the used system and the secret part which is integrated in it. This strategy helps me w/h my tons of password some of which I don't log in for months and still be able to figure out ( most of the cases ) which system had used there ( with exception the sites with really strange requirements 4 pass )
-
@We3D bad advice. That can make you an easy target for brute force attacks.
The more relatable data is in a password, the easier it can be extracted.
However, using random Words, that have nothing to do with yourself or the app will make a password secure and easier to remember. Just remember to sprinkle in some extra chars (numbers, special chars, etc)
@Oktokolo i agree 💯. Using something like Keepass, and writing the master password down is good. If you don't want to deal with that password, you could technically dedicate a "key" file for your password store, and just use some image or something. -
Passwords are here to stay. There's simply no other way to have an absolute control over a secret, and that's the basis of any high security solution. You can use a secure storage for your secrets, but you still need a way to control access to the storage. You can use a physical security key, but then you need a way to prevent others form using that security key in case you e.g. lose it. You can use biometrics for that, but then you need a backup in case you e.g. cut yourself and your fingerprint no longer works. In the end it all still comes down to some password you can use to access other secrets and authentication mechanisms, so it's often easier to just skip everything in between and use a password directly.
-
@GiddyNaya i 100% feel your pain. When i would commit suicide at any point of my life, most likely because of that.
-
@thebiochemic I can partially agree with you, but using random words is no good either, b/c it's still an easy target for dictionary attacks. If one is gonna use a pass mngr then why not use it in its full potential : every pass there should be completely random using the full spectrum of chars and fairly long b/c you don't have to remember any part of it. The only pass u have to remember is the master one ( which also must be long and complicated but also memorable ) , which I think is a bad Idea of writing down and caring around with the device that holds the chosen pass mngr
-
also choosing a password manager has disadvantages like constantly updating a minimum one backup on another device which is at a secure place at localhost. And I didn't say that I don't use numbers or other special chars in my systems, but you are right that if one or 2 of mine accounts are compromised one of my systems will be an easy target for other places where I use it... maybe it's time to think of a mutable systems which will be harder for brake even if you have 10 examples. =]
-
@totoro-totoro is a reasonable choice and would probably use it too, but it's too troublesome for me. And I'm easily distracted...on the other hand, now that I have a flipper zero I can use it as a 2FA, but how to plug it in a device that's not mine without fear of catching something... and btw welcome to DevRant =)!
My LastPass master password..
Are you serious? Are you afraid of an SQL injection or something, and instead of properly sanitizing your quer...
You know what's worse than having to come up with a new password every time you create an account? Forgetting your password every time you try to log in!
I swear, it's like my brain has a selective memory when it comes to passwords. I can remember every lyric to a song from 10 years ago, but I can't remember the password I created yesterday.
And don't even get me started on password manager software. You would think that having all of your passwords stored in one place would make things easier, but nope. I've forgotten my password for my password manager so many times that I'm starting to think I need a password manager for my password manager.
But seriously, why do we even need passwords in the first place? Why isn’t there an easier one stone kills all solution to all these password authentication nonsense?
I could remember when it was all letters, then forced to use letters + numbers…
then later forced to include symbols…
and then forced to make it lengthier…
and then solve puzzles after getting it right…
and after all the stress now we are forced to find nemo from a set of images.
I thought the misery would end there but nope. Now some platform forces 2FA like dude seriously?
For God’s sake we built self driving cars already! Why can’t one just exist without a password? Why do we always end up in a password cycle?
And please don’t say shit about oauth because if your password master (i.e: google) fucks you in the ass then all your oauth accounts are gone for good!
I'm currently having an existential crisis about the meaning of passwords in our modern society. Shit is crazy when I ponder about it I get worried.
rant
passwords
oauth