:pog-dolphin:

  • nujabes [any]
    ·
    4 years ago

    if you can remember your password it's not secure

    • Dan [they/them,undecided]
      ·
      4 years ago

      Password managers are good, but I need one I can remember for my password manager (and full disk encryption and PC login passwords to get to where my passwords are stored)

      • invalidusernamelol [he/him]
        ·
        4 years ago

        I just use biometrics on my phone, and enable the panic/lockdown mode option in the power settings. Set your master password in the manager to some really long string and print it out and hide it somewhere in case you really need to use it.

        And yeah, this won't protect you from like the FBI or CIA if they decide to just come into your house, but 90% of security is just making sure script kiddies can't get your login info lol

      • CylonZebra [he/him,comrade/them]
        ·
        4 years ago

        Maybe a USB security key like Yubikey? Also, if you use 2FA with your password manager, having a less than perfect password is a non-issue.

        • Ryaina [she/her]
          ·
          edit-2
          4 years ago

          Not necessarily. The instant the attacker needs to guess more than 3 words, in what order, capitalization, and if you've separated them with a number or special chars, then they are entering an attack time on the order of infeasible, even with a dictionary to work with.

          In the XKCD each word is given 11 bits of entropy (2^11=2048), not the 30k-some common English words, so they are already factoring in a dictionary attack. Add some common substitutions and capitalization and you can bump that to 13 bits per word. Add some special chars in between or at the end/beginning and you can add more.

          For example: someWords?P4ss/Secur3! is approximately 46-50 bits of entropy even assuming a dictionary attack and is still relatively simple to remember.

          Even at 10k guesses per second (10x the rate assumed in the XKCD) that's 230-3500 years to guess.

          That said, this should be for your main email account and bank and stuff. The things you may need to access without your password manager. For most things use a randomly generated password stored in a password manager.
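
The entropy arithmetic from the last comment, worked through as an added example that is not part of the thread. The word list, the separator set and the 10^10 guesses/s offline rate are constructed assumptions, and the per-word bit counts only hold when every word is drawn uniformly at random rather than picked by a person.

```python
import math
import secrets

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def passphrase_bits(n_words, wordlist_size, extra_bits_per_word=0.0):
    """Entropy in bits; valid only if each word is drawn uniformly at random."""
    return n_words * (math.log2(wordlist_size) + extra_bits_per_word)

def years_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate; the expected time to a hit is half of this."""
    return 2 ** bits / guesses_per_second / SECONDS_PER_YEAR

# Constructed 16-word list (4 bits per word). A real list needs thousands of
# unique entries: the XKCD figure of 11 bits per word implies 2048 words.
WORDS = ["anchor", "bottle", "copper", "dagger", "ember", "falcon", "gravel",
         "harbor", "island", "jacket", "kettle", "lantern", "marble", "needle",
         "orchid", "pebble"]
SEPARATORS = "?/!-"  # constructed set: 4 choices = 2 bits per separator

def generate(wordlist, n_words, separators=SEPARATORS):
    """Build a passphrase with the OS CSPRNG instead of human choice."""
    parts = []
    for _ in range(n_words):
        parts.append(secrets.choice(wordlist).capitalize())
        parts.append(secrets.choice(separators))
    return "".join(parts)

def generated_bits(wordlist, n_words, separators=SEPARATORS):
    """Entropy of generate(): fixed capitalization adds nothing, separators do."""
    per_word = math.log2(len(set(wordlist))) + math.log2(len(set(separators)))
    return n_words * per_word

if __name__ == "__main__":
    print("4 words from 2048:", passphrase_bits(4, 2048), "bits")
    print("sample:", generate(WORDS, 4), "=", generated_bits(WORDS, 4), "bits")
    # 1e3 is the XKCD rate, 1e4 the rate in the comment, 1e10 an assumed
    # offline rate against a fast unsalted hash.
    for rate in (1e3, 1e4, 1e10):
        for bits in (46, 50):
            years = years_to_exhaust(bits, rate)
            print(f"{bits} bits at {rate:.0e}/s: {years:,.4f} years")
```

At the comment's 10k guesses per second the 46 and 50 bit cases come out at roughly 223 and 3,568 years of exhaustive search, while the assumed offline rate brings the same passwords down to hours or days.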