- Sign up to a new platform.
- Get asked to set a new password for it.
- Ah, I don't have time to think about a new password cuz I can't rely on my hamster equivalent brain to remember it.
- Same password it is, that I've been using for the past decade for every other platform.

Password manager

i use different passwords. for the accounts that are just trash sites that i dont care abt i use the same for years. for the important sites i use more difficult ones.

Bitwarden ftw

literally just generate a random password and store in a keepass or some shit.

You'll be thanking yourself a few years down the line.

Yeah, I started using KeePass and never went back.

hell will freeze over before I give my passwords to a 3rd party, but KeePass is self-hosted or even local-only with good browser integration and multiple layers of security are possible to enable, including an extra key-file being stored on a physical device that acts as a key for the password store.

You should check it out at least, see if it covers your needs

@Hazarth can't imagine not using it anymore tbh.

It's such a life changer

One company I worked for used last pass. They made sure you change your password yearly, because at this rate they tell everybody that all passwords got leaked.

I use keepass for business and private I use a formula.

It's only a matter of time before KeePass gets hacked.

@Sid2006 you confuse "keepass" with "your account on every platform" in that sentence.

Also define how keepass is going to get hacked. Just about the only possibility is that your system gets hacked and no matter what you use because if your system is compromised everything you access on it is compromised...

@Sid2006 KeePass is offline, so I think there is nothing to be hacked. Maybe your passwords file could be stolen from your computer and cracked or something.

Lastpass solved this problem for me. Not perfect, but better than the same password.

https://random.org/passwords/...

Firefox should also suggest a random password and save it when you submit the form.

@hjk101 there are a few pocs out there (one of them very recent) to hack into keepass data, but obvs they require access to either a memory dump or the kdbx file

@100110111 yeah if you have access to a memory dump it's a compromised system and you are fucked no matter what.

I'm curious what you can do with my kdbx file. If you think brute force I'm going to say see you in the next life (yubikey challenge response plus a fairly secure master password).

@hjk101 exactly. :D