Home Entrance Everyone Wiki Search Login Register

Welcome, Guest. Please login or register. - Thinking of joining the forum??
April 20, 2024 - @838.91 (what is this?)
Forum activity rating: Four Star Posts: 59/1k.beats Unread Topics | Unread Replies | Own Posts | Own Topics | Random Topic | Recent Posts
News: :ha: :pc: Hello Melonland! :pc: :happy:

+  MelonLand Forum
|-+  World Wild Web
| |-+  ☞ ∙ Life on the Web
| | |-+  Password Managers? 🗝️


« previous next »
Pages: [1] 2 Print
Poll
Question: Do you use a password manager?
Yes! I use a 3rd party one like Bitwarden, or 1Pass   -16 (40%)
Yes! I self host a password manager like Keepass   -6 (15%)
Sorta! I use a built in password saver in Chrome or Firefox   -6 (15%)
Nope! But I have a complicated way of remembering passwords or I write them down.   -11 (27.5%)
Nope! I use the same password for everything :3   -1 (2.5%)
Total Members Voted: 39

Author Topic: Password Managers? 🗝️  (Read 1132 times)
Melooon
Hero Member ⚓︎
*****


So many stars!

SpaceHey: Friend Me!
StatusCafe: melon
iMood: Melonking
Itch.io: My Games

View Profile WWW

First 1000 Members!spring 2023!Squirtle!!!!MIDI WarriorMIDI Warrior1234 Posts!OzspeckCool Dude AwardRising Star of the Web AwardMessage BuddyPocket Icelogist!OG! Joined 2021!The Smallest Ozwomp Known To ManBug!
« on: March 22, 2023 @829.79 »

Do you use a password manager? How do you feel about them?

There are two kinds of password managers out there:
  • Managers like your browser that just save your last used password.
  • 3rd party managers who give you a random secure password and save it for you using an extension.


I held off using one for a very long time and just stuck with Firefoxes built-in one, but about 2 years ago I started using 1Password and I can't imagine going back to having the mess of trying to remember passwords across multiple browsers that I used before :ohdear: However there are also valid concerns and arguments against saving all your password in one place, so I'd like to hear how others manage their password lives!

Here is an in-depth technical video from the University of Nottingham that gets a lot of facts out of the way for those who want it!
Logged


everything lost will be recovered, when you drift into the arms of the undiscovered
Cobra!
Hero Member ⚓︎
*****


’S fhearr Albais bhriste na Albais sa chiste

StatusCafe: cobradile
iMood: Cobradile
Matrix: Chat!
XMPP: Chat!
Itch.io: My Games

View Profile WWW

First 1000 Members!Pocket Icelogist!OG! Joined 2021!
« Reply #1 on: March 22, 2023 @836.71 »

I use KeePass, and put the database in a cloud storage I'm subscribed to, and the key file to unlock it in another. It's been great so far, and the client I use (KeePassXC) generated passwords for you.
Logged




“Snooping as usual, I see?”
Inkerlink
Full Member ⚓︎
***


Hey, nice to meet you!


View Profile WWW

First 1000 Members!Cool Dude AwardJoined 2023!
« Reply #2 on: March 22, 2023 @919.28 »

I use BitWarden, and as long as it remains open-source and free, I'll keep using it. I'm not worried enough about privacy to go full self-storage, the ease of use and integration it offers is very convenient for me.
I'm not too worried about having one point of failure for my passwords since my master password is quite complex and unless there is a BitWarden breach of somekind, the chances of my account getting hacked is basically zero. The only place my master password is stored is in my head, so unless I'm captured by an evil group and tickle-tortured, no one is getting into my accounts.  :ok:  :ok:
Logged

Quote
It was in a way the world at the very beginning – the elements alone, and starlight.
-The Ionian Mission, Patrick O'Brian



almostcorporeal
Jr. Member ⚓︎
**


you are a violent and irrepressible mirable

SpaceHey: Friend Me!

View Profile WWW

First 1000 Members!Cool Dude AwardJoined 2023!
« Reply #3 on: March 22, 2023 @928.07 »

I have really terrible memory problems due to a bunch of medical stuff so a password manager is kind of super important to me! Otherwise I feel like I absolutely would forget my passwords to things [like I have with ichi.city and can't seem to figure out how to reset...] and be up the creek without a paddle (x

I use BitWarden but I'm interested in moving to a self-hosted password manager once I get my home server up and running. Currently BitWarden works great for me but some more medical stuff means that privacy is one of the key things I value, so moving from BitWarden to something self-hosted will help mentally mostly. I have no major qualms with the program outside of definitely not feeling comfortable enough to use some of it's features [such as credit card and identity storage] lol which is entirely a me thing and unrelated to the program itself! (x

I keep my master password written down and tucked away for safe keeping [Otherwise I would absolutely forget it, thanks memory ;;] and it's a generated password that is VERY different from my typical password convention so like Interlink said, I'm not worried unless something drastic or a breach happens haha

Do also want to leave on the note that I love this topic! Things like this are very interesting to me and I love seeing how others manage something I consider to be very tedious and loathsome haha  :4u:
Logged

the reviews are in: "living legend amongst us with an acceptable opinion of Radiohead"
xandra
Full Member ⚓︎
***


i want to be with you everywhere

SpaceHey: Friend Me!
StatusCafe: xandra
iMood: xandra0

View Profile WWW

First 1000 Members!Spring :^}OG! Joined 2021!
« Reply #4 on: March 22, 2023 @933.30 »

I use BitWarden, and as long as it remains open-source and free, I'll keep using it. I'm not worried enough about privacy to go full self-storage, the ease of use and integration it offers is very convenient for me.
I'm not too worried about having one point of failure for my passwords since my master password is quite complex and unless there is a BitWarden breach of somekind, the chances of my account getting hacked is basically zero. The only place my master password is stored is in my head, so unless I'm captured by an evil group and tickle-tortured, no one is getting into my accounts.  :ok:  :ok:

i also use bitwarden and second third them! i used to use lastpass, but after the breach that happened, i couldn't really put my trust in that company anymore. i really love that bitwarden is open-source!

also: *takes notes* writing in your file that tickle torture is the most effective method! XD
Logged
Melooon
Hero Member ⚓︎
*****


So many stars!

SpaceHey: Friend Me!
StatusCafe: melon
iMood: Melonking
Itch.io: My Games

View Profile WWW

First 1000 Members!spring 2023!Squirtle!!!!MIDI WarriorMIDI Warrior1234 Posts!OzspeckCool Dude AwardRising Star of the Web AwardMessage BuddyPocket Icelogist!OG! Joined 2021!The Smallest Ozwomp Known To ManBug!
« Reply #5 on: March 22, 2023 @938.37 »

Another question I have for people! Do you use 2 Factor Authentication often?

And if so, do you use your password manager as your 2FA generator; or do you keep them separate? I still keep them very separate, I use Authy as a 2FA client - so in theory even if 1Pass totally failed (prob impossible) and all my passwords were published online - most critical accounts would still be safe!  :eyes:

Also for those of you interested in self-hosting? What do you think about the argument that self-hosting could be less safe? You're basically taking on all the responsibility yourself instead of trusting a company that's entirely dedicated to security; or do you feel the obscurity of a private server mitigates that?
Logged


everything lost will be recovered, when you drift into the arms of the undiscovered
kandeez
Casual Poster ⚓︎
*



View Profile WWW

First 1000 Members!Joined 2023!
« Reply #6 on: March 22, 2023 @998.51 »

I will die on my complex stupid hill of passwords are meant to be reset. Unless its something I KNOW I'm gonna have to login for multiple times (ie wizard101) I will make a password a keyboard smash of ultimate magnitude and then reset it whenever I need to login. Especially when its something that you have to make an account for and know you're gonna use it once. The only login I need to keep secure is my email and then I just reset whenever I need.
I feel like its way easier than having to log passwords in a password manager and I don't have to really ever worry about third parties or breaches. It was definitely one of the things my teacher didn't recommend when teaching us about account safety but its never failed me.

Edit: I want to add that alongside my reset it everytime mantra I also more or less use the same password for everything else and only change up the special character so I'm not foolproof.
Logged
j
Full Member ⚓︎
***


bleh bleh *gargle gargle*


View Profile WWW

First 1000 Members!Joined 2023!
« Reply #7 on: March 23, 2023 @30.13 »

I can't imagine going back to having the mess of trying to remember passwords across multiple browsers that I used before

Dan Bull did a neat nerdcore rap on the struggle of this here - you just reminded me! :D

as a libre FOSS supporter, im an advocate for self-hosting and therefore use pass, which is amazing if youve got a Virtual Private Server lying spare and are familiar with the command line, bash and gpg :)

It was definitely one of the things my teacher didn't recommend when teaching us about account safety but its never failed me.

it's likely they didn't recommend it because a longer password doesn't guarantee more security. passwords that are brute-forced work with the maths of the total possible characters that any one character can be to the power of the length of the password. cs50 did a great video on this. saying that, password security is often quoted in cybsersecurity using entropy instead, which is a measure of how unpredictable and unguessable a password is - theres a cool calculator for that here so you dont have to work with logarithms!

for instance, a password of 10 random lowercase characters on your keyboard has an entropy of 47 bits whereas a password of 20 characters including lowercase and uppercase letters, digits and numbers has an entropy of 131.3 bits. ive mentioned why this is important in a blog post alongside why passwords arent the be-all and end-all of security, but i figured its probably nice to add on to why your teacher probably didnt recommend this :)
Logged

i go by j, she/they :)
j
Full Member ⚓︎
***


bleh bleh *gargle gargle*


View Profile WWW

First 1000 Members!Joined 2023!
« Reply #8 on: March 23, 2023 @34.58 »

Another question I have for people! Do you use 2 Factor Authentication often?

And if so, do you use your password manager as your 2FA generator; or do you keep them separate? I still keep them very separate, I use Authy as a 2FA client - so in theory even if 1Pass totally failed (prob impossible) and all my passwords were published online - most critical accounts would still be safe!  :eyes:

Also for those of you interested in self-hosting? What do you think about the argument that self-hosting could be less safe? You're basically taking on all the responsibility yourself instead of trusting a company that's entirely dedicated to security; or do you feel the obscurity of a private server mitigates that?

adding on because i missed this!!

multi-factor authentication is a MUST for anything important to me. i prefer 3FA, which tom scott covers nicely here as: something you know, something you have and something you are (i.e. a password, a USB key and biometrics).

stuff like forums are less of a concern to me, but if i can add 3FA why not?

as for self-hosting, i personally believe that it's less about trying to completely stop an attacker; instead im trying to raise the bar as high as possible so they move onto someone else (something i learnt from the preiously linked CS50 vid!): similar to a house alarm not stopping someone robbing you, instead making it more likely that they'll rob the person next to you without an alarm, eventually someone will always be robbed

besides, at least when i self-host stuff, it's guaranteed that i am the only one accessing things - whereas i cant say the same for bitwarden even though i used to use it. dont get me wrong, i think theyre completely fine, but there's fewer points of failure when i host things myself, which is always a plus
Logged

i go by j, she/they :)
wodaro
Full Member ⚓︎
***


I should be drawing

iMood: wodaro
Itch.io: My Games

View Profile WWW

First 1000 Members!Joined 2022!
« Reply #9 on: March 23, 2023 @103.80 »

I just write mine down in a book  :notgood:

I've never been very good with tech. I always get scared that if I keep my passwords on my computer somewhere they won't be safe. Plus if my computer broke I don't know if I would have access to them anymore! So I keep them all in a little book. it also makes it easy to look through all of them and see which ones haven't been changed in a long time.

I never use 2 Factor Authentication unless a website requires it. Too many extra steps! Maybe I should tho...
Logged

Melooon
Hero Member ⚓︎
*****


So many stars!

SpaceHey: Friend Me!
StatusCafe: melon
iMood: Melonking
Itch.io: My Games

View Profile WWW

First 1000 Members!spring 2023!Squirtle!!!!MIDI WarriorMIDI Warrior1234 Posts!OzspeckCool Dude AwardRising Star of the Web AwardMessage BuddyPocket Icelogist!OG! Joined 2021!The Smallest Ozwomp Known To ManBug!
« Reply #10 on: March 23, 2023 @120.36 »

I just write mine down in a book
That's ok :4u: An offline book is totally safe as long as you don't lose it. I kinda made this topic to see how widespread knowledge of this subject was and maybe see if people needed support with it. We can definitely work on a web security guide for non-techies if people need it!

i prefer 3FA
All my servers including the one this forum runs on are 3FA, I think that's fair if you are anticipating becoming a target, but I think it's prob overkill for everyday use!

I will make a password a keyboard smash of ultimate magnitude and then reset it whenever I need to login
I hate this so much, but I can't really fault it, it seems like a flawless plan as long as your email is accessible :TnT:

advocate for self-hosting
I would still say unless you REALLY know what your doing and are willing to dedicate time to make sure it's secure and doesn't get lost somehow, it's still prob much better for most people not to do this. Knowing my track record for messing up Linux installs, losing data and deleting things I shouldn't... I'd avoid self-hosting passwords like the plague :tongue:
Logged


everything lost will be recovered, when you drift into the arms of the undiscovered
CyberCat2000
Casual Poster
*


Astral Dragon Mech Pilot

SpaceHey: Friend Me!
StatusCafe: cybercat2000

View Profile WWW

First 1000 Members!Joined 2022!
« Reply #11 on: March 23, 2023 @143.18 »

I recall at first, I used a password book. Then I decided to try out password managers, and I never looked back. Currently, I use KeePass, with the file stored on cloud storage. As for 2FA, I also use Authy, admittedly...
Logged

Guest
Guest
« Reply #12 on: March 23, 2023 @173.78 »

I'm a bit mixed on password managers. On one hand, it makes it a lot easier to use complex and different passwords for everything. On the other, it's a single point of failure. It's not unheard of for password managers to be compromised.

That said, I'm keeping it a secret how I manage my passwords. Now excuse me while I release these pigeons and scatter a deck of cards on the West-facing side of an Applebee's during a thunderstorm.
Logged
Guest
Guest
« Reply #13 on: March 23, 2023 @416.70 »

I remember all of my different 13+ characters long passwords in my head. :evil:
Logged
Inkerlink
Full Member ⚓︎
***


Hey, nice to meet you!


View Profile WWW

First 1000 Members!Cool Dude AwardJoined 2023!
« Reply #14 on: March 23, 2023 @601.98 »

I remember all of my different 13+ characters long passwords in my head. :evil:

'abcdefghijklm' isn't secure, no matter how much you protest!  :ok:
Logged

Quote
It was in a way the world at the very beginning – the elements alone, and starlight.
-The Ionian Mission, Patrick O'Brian



Pages: [1] 2 Print 
« previous next »
 

Vaguely similar topics! (1)

Password Hiding?

Started by moonsetterindustriesBoard ☔︎ ∙ I need Help!

Replies: 5
Views: 504
Last post February 07, 2024 @947.84
by moonsetterindustries

Melonking.Net © Always and ever was! SMF 2.0.19 | SMF © 2021, Simple Machines | Terms and Policies Forum Guide | Rules | RSS | WAP2


MelonLand Badges and Other Melon Sites!

MelonLand Project! Visit the MelonLand Forum! Support the Forum
Visit Melonking.Net! Visit the Gif Gallery! Pixel Sea TamaNOTchi