How do you store your passwords?

@fribbledom I can't believe that many people store their passwords in their head! I used to until I was doxed, and now I randomly generate each new password. There's no way I could memorize all of them.

@fribbledom
I have voted for "Textfile"
Key into E-MAIL for remembering.

But more of them into OPERA browser ...has password remembering by itself

@fribbledom Bitwarden, though I back up to floppy disk just in case ;-)

@fribbledom KeepassXC, Keepass2Android Offline and Syncthing

@fribbledom that should be a multiple choice question since using a password manager still needs one to store the access password somewhere.

@fribbledom 1Password. And recently I found an older machine where I hadn't 1p'd… took me half an hour to remember/guess the password. NEVER rely on memory for anything. All passwords, notes, whatever, go in the vault.

@mdhughes @fribbledom I loved the 1pass app. Don’t like the subscription model they moved to.

@knigge @fribbledom I'm still on classic, sync by Dropbox. But if you use their cloud sync, you should pay for their hosting. Most important security item you have, and you want it supported for free? That's asking for trouble.

Services want to be paid!

@fribbledom I read textile instead of textfile and was confused

@uint8_t Wait, you don't embroider your passwords into clothes?

@fribbledom

I can't choose multiple options here, so both password manager, and then a salt addition that is in my head.

@fribbledom

I'm too paranoid for my own good.

If I ever have amnesia, I'm screwed.

@hamishcampbell @fribbledom nice one!

Keep your cookies while you can and then: Reset the password!

@fribbledom I have an arrangement with a group of friends where we tattoo our important passwords onto each other's bodies in a place none can see alone.

It's like a physical version of Shamir's Secret Sharing Scheme

@fribbledom

Once I knew a guy who had his passwords on the road in public view!
Rather than to write them he used the signs of the shops in front of him: "FruttaPino-0123-456789" and so on.

@fribbledom

oh i like this thread!

i use password-store with the Emacs 'pass' package. it's cozy :blobcatmelt:

@fribbledom I voted text file as they're in a text file on an encrypted partition which is only mounted when needed. Opened in my normal editor (geany) as a special-purpose user using ssh -X.

@fribbledom I use zx2c4 pass, so, a combination of the last two (it's just encrypted text files in a git repo + tooling)

@fribbledom
Password manager 78%
Methinks a lot of wishful thinking going on.

@fitheach Or the wrong target group has been asked. For @fribbledom's followers 78% might be true. But I doubt that his followers are a representative average of "any" society.

Professionally, I do something with IT security and we're about to conduct a study regarding PW security. I am eager to see the results... (mid 2021).

@_xhr_
It is valid to ask the question of any target group. I'm sure Fediverse users are vastly more tech savvy than the general population, but, 78% still strikes me as high for the password manager option.

My observations of the general population show most people relying on the browser storing their passwords.

I use a text file, encrypted with GPG, edited with Vim and the gnupg-vim plugin. My passwords are secure, but, available on all the platforms I use.

@fribbledom

@fribbledom For financial ones, the password is split between paper and an encrypted text file. Hopefully that means neither a hacker nor a burglar can get a useful password.

@penguin42 @fribbledom Well now that you've told everyone where to look..

@fribbledom
On paper can also be a password manager. Physical access thieves are more likely to steal a high value item like a phone or a laptop than a paper notebook.

@fribbledom upright, but I hear you’re supposed to rotate them every few weeks so the contents don’t settle

@fribbledom Surely the most common option is one more included in the poll: in the browser

@muesli I use KeePass, but I have a code in my mind to create and remember passwords anywhere without resorting to the key manager.

@fribbledom BitWarden after LastPass stopped working for me. And KeePass before that.

@fribbledom Some are in my head. At work we have a paper password book for certain things. But the vast majority that I personally use are in a password manager.

@fribbledom A text file that is never decrypted to disk. Which probably isn't what you meant by text file, but that's the answer I gave anyway.

@fribbledom I rely on a hybrid solution. Some of them are in a password manager, but I also use passwordmaker for some. The beauty of it is, that there's nothing to hack in a system like that, because nothing is stored anywhere. It's sort of like a hash function that's given two inputs: your master password and the domain you're trying to log into.

Speaking of generating passwords, I also have a few (not very important) passwords that are generated in my head with some rules I've decided earlier. This way you don't need to remember anything other than the rules. Just look at the name of the site you're at, and run that through the algorithm you've got in your head and there's the password you can't be bothered to memorize.
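
A sketch of the stateless scheme the post above describes (master password plus domain in, site password out), added here as an example and not taken from the thread or from PasswordMaker itself. The choice of PBKDF2-HMAC-SHA256, the `counter` field, the character set and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import string

# Constructed character set for the example; real sites impose their own rules.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"


def normalize_domain(domain: str) -> str:
    # Canonicalise so "Example.COM." and "example.com" derive the same password.
    return domain.strip().rstrip(".").lower()


def derive_password(master: str, domain: str, length: int = 20,
                    counter: int = 1, iterations: int = 200_000) -> str:
    """Derive a site password from (master, domain, counter); nothing is stored."""
    if not master:
        raise ValueError("master password must not be empty")
    # The domain and counter act as the salt, so each site gets an unrelated key.
    salt = f"{normalize_domain(domain)}\x00{counter}".encode()
    # Slow key derivation makes offline guessing of the master more expensive
    # if one derived password leaks.
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, iterations)

    # Expand the key into a byte stream and map bytes to characters with
    # rejection sampling, so no character is favoured by modulo bias.
    limit = 256 - (256 % len(ALPHABET))
    out, block = [], 0
    while len(out) < length:
        stream = hmac.new(key, block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
        for b in stream:
            if b < limit and len(out) < length:
                out.append(ALPHABET[b % len(ALPHABET)])
    return "".join(out)


if __name__ == "__main__":
    # Constructed inputs; bumping the counter rotates one site's password.
    print(derive_password("correct horse battery staple", "example.com"))
    print(derive_password("correct horse battery staple", "example.com", counter=2))
```

The trade-off against a vault: the counter and any per-site length or character rules still have to be remembered or recorded somewhere, and disclosure of the master password exposes every derived password at once.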

@fribbledom GNOME Keyring via Lockbox. Locksmith for generating passwords & passphrases.
