I put all my passwords in a text document, then print it on a little strip of paper and shove it up my ass. Whenever I take a crap, I dig it out from the turds and try to memorise some of them again. Then I shove it back up there where noone else can find my data and I won’t lose it.
Ah yes, KeepAss
Spectacular
sh.itjust.works
Forgot to mention I delete the text document and set fire to the computer’s hard drive. The passwords are only ever in my ass, with the rest of my personal shit.
Following up your own shit post with another shit post is shit post gold.
Have you ever tried anal, my beautiful gentleman?
Maybe, but it would have to be personal and in my ass if I had or ever did.
Bitwarden here. Works well.
No $10 gift card?
Lame.
“Chrome users” or “Chrome under windows users” would be closer to the truth. Still, quite a screw up.
Something like 2/3rds of the world uses chrome for desktop. I’d bet that number is higher for windows specifically. If you’re the rare person who doesn’t use chrome then you’re savy enough to know this doesn’t apply to you
Recently started using Bitwarden and it works really well. You can even ditch authenticator because it has OTP built in too.
I selfhost it though because I trust nobody with this type of sensitive data, encrypted or not.
By storing your passwords and otp in the same place it becomes 1 factor authentification
Not if you use 2 factor to access the password manager.
It’s still just one factor. You just secured it better.
To set a scene, you awake in the middle of the night because your phone is making noise. Blearily you unlock it, glance at a prompt, and then approve a login and fall back asleep. The intruder now has access to your password manager!
They attempt to log into your bank and drain your life savings, but despite having your password it sends another prompt to your phone. This time, you wake up enough to realize something is wrong. This time, you deny the prompt.
The entire second paragraph cannot happen if your MFA is a single factor. Don’t store MFA in your password manager!
I mean yeah it’s less secure than if they were separated. But my mom is never going to use a separate app for passwords and 2FA, so the two in one app is still better than nothing.
Technically yes if my vault gets compromised I would be fucked. I have it firewalled tho and only accessible from home (or VPN to home). So should be pretty secure. I used google authenticator but found it a major pita (can’t even search entries on Android, wtf?). If they make this more user friendly I’ll gladly switch back to a seperate OTP store.
I use aegis for the MFA portion.
Modern problems require modern solutions
I was thinking about self hosting but I was worried it would be less secure. I don’t really know a lot about setting that kind of thing up (I do have programming experience but don’t have a lot of server hosting experience outside of doing it for games like Minecraft) and I feel like I’d mess it up and it would be a lot easier to get into than a hardened server. Especially cause the odds I get a virus or something is probably higher then the odds someone breaks into bitwarden’s server. Idk if I’m wrong about this, would love to be corrected if I am, was just my initial thoughts when I switched over from a different password manager to bitwarden.
If you don’t trust yourself 110%, don’t host it yourself. Too risky. I self-host everything, but I leave email and passwords to someone else because it’s just too important.
It’s pretty easy to setup using docker, you do need to know that ofcourse and how to setup dns and stuff.
I have it firewalled so my vault is not accessible from the internet, only from home or vpn to home.
A friend has a notebook next to her computer with all her passwords in it. Initially I was horrified - what if you’re burgled? - but actually it’s genius. Much more secure than letting a browser remember them, and she doesn’t even need to memorise a Bitwarden password.
In a household it’s probably not that bad. There aren’t many people breaking into homes looking for account details.
I’ve had my identity stolen several times, and every single time it was stolen from a Fortune 500 company.
I just make all of my passwords password123 then I don’t have to worry about memorizing them
*********** that’s what I see
Really? hunter2
Yeah, when you type hunter2, all I see is *******
Yeah, these newfangled password requirements ruined my life. I refuse to sign up for any website that doesn’t let me use hunter2.
Just add the same memorized bit to the end. Something simple like “123” would work. Even if the book is stolen it won’t do them any good.
That’s an excellent idea! I’ll mention it to her.
My mom told me that she was made fun of for having a book of hand written account credentials related to running her business (6 people total). I told her it was the best way to do it that wasn’t massively overcomplicated for her situation and to keep it up. The only recommendation I made is that she use different long passwords for every site since she’s already not memorizing them.
Personally I’m not convinced this isn’t the best way unless you’re being targeted by physical bad actors
feel like “aaand it’s gone” would fit better here
Me when I don’t use Chrome, I don’t use Windows, and I don’t use browser password saving either
That’s definitely a change from companies just leaving passwords around for anyone to find.
They didn’t vanish, it’s just that now only Google has them.
