Use a password manager like KeePassXC
Or Bitwarden for cloud sync
You can use KeePass with cloud sync.
Just have the password file in a cloud.
Sounds like a pain in the ass, I really like the auto-fill feature of Bitwarden… (or in my case vaultwarden as backend)
or a notebook
Yes, but that would involve choosing a password manager, setting up the password manager, learning how to use the password manager and remembering to use the password manager.
That’s easy, have your bi-yearly over-fixation on privacy and suddenly you’ll be setting up a custom VPN instead of doing your laundry. Fuck, I forgot my bedsheets again
That’s a one-time cost for a lifetime of not dealing with remembering passwords
password managers save my life very hard
Do yourself a favor and go to https://bitwarden.com/
Then you can generate a password so big and complex, the site or app starts begging you to stop. At that moment, you can say “ur password system is weak.”
Careful with that. Sometimes a site will allow you to use some stupid long password when you sign up, but then it turns out that some other version of the site or an app for it on other platforms won’t accept a password that long!
That’s okay, I just want to hear “it’s too big”
I mentioned lemmy passwords in the other reply. Guess how I found out
Or alternatively, it allows you to enter a password as long as you like, but on their end it gets truncated.
My e-mail provider does this. I wanted to change my password to some 64 character long generated string. It accepted, but I could not log in after that. After a few tries, I found the reason and, after another few tries, also the limit at which it gets truncated: 16 characters! God, how I hate them for this…
Perhaps even worse than this is when the hash allows you to enter what you think is your full password, but as long as the first characters are a match then it will succeed.
16 characters is probably fine as far as passwords go, but if the site is secretly truncating from 16 down to, say, 7 and still allows you to sign in, you don’t even realize that your password isn’t nearly as secure as you thought it was.
In lemmy, password length is capped to 60. Weak.
Almost, but KeePassDX is better 😎
Why?
It’s not a service you’re paying for. It is just a password manager.
Though tbh, I don’t know all of Bitwarden’s specific details.
It’s at least open source, but can you have your passwords stored anywhere other than their servers? What if the company changes path - can you just use another fork or are you stuck?
Bitwarden is self-hostable and FOSS, with some unofficial software already out there. Not much opportunity for the company to entrap customers if it went evil.
IMO, for most people it’s best to just send them to register at bitwarden. It’s less hassle so they might actually follow through, while being infinitely better than what they were doing before.
KeePass and literally any of its derivatives. Not just DX.
I use Keepass2Android, KeePassXC, Keepassium, and the OG KeePass.
They are all solid.
Or just use the built-in password managers in Chrome or Firefox. No need to pay for a password manager when they are free on the browsers most people already use
No need to pay
I didn’t say anything about paying. It’s free in both meanings of the word.
It’s also cross-platform and -browser and better than builtin ones.
I wouldn’t recommend that. Bitwarden is free and works on any device, and doesn’t tie you to a browser. What if you want to switch browsers someday?
Same as wanting to switch password managers some day. Firefox has been the most consistent thing in my life.
Sadly they are putting ‘AI’ bullshit into it now: https://bitwarden.com/blog/bitwarden-mcp-server/
Arghh, why is every company thinking that AI will make them valuable…
“Let AI retrieve, generate and manage all your credentials”
Yeah a definite nope, for what reason do I use bitwarden? So that exactly this doesn’t happen…
Anyway vaultwarden is what I’m using, much more performant and self-contained, compatible with Bitwarden (but you need to host it, obviously)…

- attribution: https://xkcd.com/936/
So, are we just going to pretend dictionary attacks don’t exist?
Easy explanation: there are lots of words in the dictionary and the combination of four words makes it that it still takes a long time.
can’t be arsed for the long explanation, read the original diceware documentation
you need six words now though: https://arstechnica.com/information-technology/2014/03/diceware-passwords-now-need-six-random-words-to-thwart-hackers/
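The two threads above (the "dictionary attacks" question about four vs. six Diceware words, and the earlier one about a server silently truncating a generated password to 16 or 7 characters) come down to the same arithmetic. The following is an added example, not code from any commenter or project; the 7776-word list size is the standard Diceware list, the 94-symbol alphabet and the toy SHA-256 "backend" are assumptions for illustration.

```python
import hashlib
import math

# Sizes used below: the 7776-word Diceware list (6**5 five-dice outcomes) and
# the 94 printable ASCII characters a typical generator draws from (assumption).
DICEWARE_WORDS = 7776
PRINTABLE_ASCII = 94


def passphrase_bits(words: int, dictionary_size: int = DICEWARE_WORDS) -> float:
    """Entropy of `words` words drawn uniformly from a list of `dictionary_size`.

    This already assumes a dictionary attack: the attacker knows the list,
    so each word is worth exactly log2(list size) bits, no more.
    """
    return words * math.log2(dictionary_size)


def password_bits(length: int, alphabet_size: int = PRINTABLE_ASCII) -> float:
    """Entropy of `length` characters drawn uniformly from `alphabet_size` symbols."""
    return length * math.log2(alphabet_size)


def effective_bits(generated_length: int, server_limit: int,
                   alphabet_size: int = PRINTABLE_ASCII) -> float:
    """Entropy that survives when the server keeps only the first
    `server_limit` characters of a `generated_length`-character password."""
    return password_bits(min(generated_length, server_limit), alphabet_size)


def truncating_store(password: str, limit: int) -> str:
    """Toy model (constructed) of a backend that hashes only the first `limit`
    characters. A real backend would use a slow password hash, not SHA-256."""
    return hashlib.sha256(password[:limit].encode()).hexdigest()


def truncating_verify(stored: str, attempt: str, limit: int) -> bool:
    """Login check for the toy backend: any attempt that shares the first
    `limit` characters with the real password is accepted."""
    return truncating_store(attempt, limit) == stored


if __name__ == "__main__":
    print(f"4 Diceware words                 : {passphrase_bits(4):6.1f} bits")
    print(f"6 Diceware words                 : {passphrase_bits(6):6.1f} bits")
    print(f"64 random chars, server keeps 16 : {effective_bits(64, 16):6.1f} bits")
    print(f"64 random chars, server keeps  7 : {effective_bits(64, 7):6.1f} bits")
    real = "correcthorsebatterystaple-plus-more-characters!"  # constructed sample
    stored = truncating_store(real, 16)
    print("prefix-only attempt accepted:", truncating_verify(stored, real[:16], 16))
```

Four words land near 52 bits, about the same as a 7-character random password, which is why the linked article moved the recommendation to six words (about 78 bits); the toy backend shows why a silent 16-character cut is invisible to the user until a prefix alone logs in.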
It would seem so, yes.
Evidence: xkcd is never wrong. :-P
(Although I have always wondered about that aspect yes… perhaps an attack has to switch between trying random letters and random words, which may limit its effectiveness, and still keep the number of words high? What if we swapped out letters like c0rr3ct? - b/c obviously hackers have never heard of 1337 5p33ch before. Yeah I really have not looked this one up, hence default to the joke answer above. irl I use the FOSS KeePass and a large string of random crap… but that is nowhere near as funny to say as correct horse battery staple:-D
Also, https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength does talk about this - but unless it is in the references, there is not too much depth there, e.g. a dictionary may have a certain number of words, but I doubt that they are all used equally - some werds oft encroaches upon my visage with verily greater frequency of occurrence by comparison to alterity, so while in the sense of spherical chickens sliding on a frictionless surface a dictionary attack “may not be viable”, in practice I highly suspect that a way could be found to find, if not one specific password, then at least somebody’s password within a large bank of them.)
I don’t know how but I went way too long without a password manager. Changed my life. I recommend Bitwarden. I also use it to store like, my bank account number or my tax number.
Correcthorsebatterystaple (somebody link please)
Edit: Most places won’t allow it due to character requirements and length limits, but it does work and is cryptographically sound.
Yep and then they require you to put special characters, numbers, and capital letters because… Reasons?
I would be the one getting hacked, not them… Let me do what I want.
Also, chbs without aA!%12345ing is way harder to inject code with.
Not that anyone is allowed to code considerately and well anymore.
It’s just because of entropy. More entropy is more secure.
Also sure, it’s you getting hacked, but it’s the service that got hacked that will have all kinds of news stories written about their weak password requirements.
Password manager
At home I have a notebook, at work I have a system, so I can deduce the password most of the time.
This legit made me choke on my laughter. So fucking true.
And then people go “jUsT wRitE iT dOwN”
Well, I do, bish, but I can never remember what notebook or piece of paper I wrote it on nor where I put it. I have found old password notes in the weirdest places, even digitally. In fucking Procreate on my iPad in a weird folder I never use, quickly scribbled down in a file that I have not looked at for three years. Sometimes in the bottom of a bag that I put in the basement months ago, on a little water-damaged Post-it note. Other times in the back of a notebook, upside down AND written in invisible ink. No really. And I thought I was sooooo clever at the time too. -_-
So now I have a bullet journal I carry with me everywhere and I wrote down all the pin codes and passwords and whatever the fuck I have that I can remember on a separate piece of paper that is in a pocket in the back of the book so that when this journal is finished, I can put it in the next one. I hope this time it will work out long-term, lol.
Keep a physical, paper password notebook, and write something boring, like “recipes” on the front of it.
Or, you know, a password manager.
https://bitwarden.com/ or plenty other free (or paid) choices
KeePass is pretty simple if you want to keep corporations out of your shit.
until you need your password on a different device
my database is synced to all my devices. I self-host Nextcloud for that but you can use whatever service you want. I used to use Dropbox and manually transferred the key file so it never touched their servers.
Ok but I’m not losing all my passwords if I lose just one or if my manager breaks. Safety over security smh.