How do you store your passwords?
@fribbledom I can't believe that many people store their passwords in their head! I used to until I was doxed, and now I randomly generate each new password. There's no way I could memorize all of them.
I have voted for "Text file"
Key into E-MAIL for remembering.
But more of them into OPERA browser ...has password remembering by itself
@fribbledom that should be a multiple choice question since using a password manager still needs one to store the access password somewhere.
@fribbledom 1Password. And recently I found an older machine where I hadn't 1p'd… took me half an hour to remember/guess the password. NEVER rely on memory for anything. All passwords, notes, whatever, go in the vault.
I can't choose multiple options here, so both password manager, and then a salt addition that is in my head.
@fribbledom I have an arrangement with a group of friends where we tattoo our important passwords onto each other's bodies in a place none can see alone.
It's like a physical version of Shamir's Secret Sharing Scheme
Once I knew a guy who had his passwords on the road in public view!
Rather than write them, he used the signs of the shops in front of him: "FruttaPino-0123-456789" and so on.
@fribbledom I voted text file as they're in a text file on an encrypted partition which is only mounted when needed. Opened in my normal editor (geany) as a special-purpose user using ssh -X.
@fribbledom I use zx2c4 pass, so, a combination of the last two (it's just encrypted text files in a git repo + tooling)
Professionally, I do something with IT security and we're about to conduct a study regarding PW security. I am eager to see the results... (mid 2021).
It is valid to ask the question of any target group. I'm sure Fediverse users are vastly more tech savvy than the general population, but, 78% still strikes me as high for the password manager option.
My observations of the general population show most people relying on the browser storing their passwords.
I use a text file, encrypted with GPG, edited with Vim and the gnupg-vim plugin. My passwords are secure, but, available on all the platforms I use.
@fribbledom For financial ones, the password is split between paper and an encrypted text file. Hopefully that means neither a hacker nor a burglar can get a useful password.
On paper can also be a password manager. Physical access thieves are more likely to steal a high value item like a phone or a laptop than a paper notebook.
@fribbledom upright, but I hear you’re supposed to rotate them every few weeks so the contents don’t settle
@fribbledom Some are in my head. At work we have a paper password book for certain things. But the vast majority that I personally use are in a password manager.
@fribbledom A text file that is never decrypted to disk. Which probably isn't what you meant by text file, but that's the answer I gave anyway.
@fribbledom I rely on a hybrid solution. Some of them are in a password manager, but I also use passwordmaker for some. The beauty of it is that there's nothing to hack in a system like that, because nothing is stored anywhere. It's sort of like a hash function that's given two inputs: your master password and the domain you're trying to log into.
Speaking of generating passwords, I also have a few (not very important) passwords that are generated in my head with some rules I've decided earlier. This way you don't need to remember anything other than the rules. Just look at the name of the site you're at, and run that through the algorithm you've got in your head and there's the password you can't be bothered to memorize.
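The stateless scheme described in the post above (master password plus site domain in, password out), as an added example that is not part of the thread and does not reproduce PasswordMaker's own algorithm. The PBKDF2 parameters, the alphabet, the `counter` argument and the function names are assumptions chosen for illustration.

```python
import hashlib
import string

# Assumed output alphabet (74 symbols); a real site may reject some of them.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"


def normalize_domain(domain: str) -> str:
    """Map 'WWW.Example.com.' and 'example.com' to the same salt input."""
    d = domain.strip().lower().rstrip(".")
    return d[4:] if d.startswith("www.") else d


def derive_password(master: str, domain: str, counter: int = 1,
                    length: int = 20, iterations: int = 200_000) -> str:
    """Recompute the site password on demand; nothing is written to disk."""
    if not master:
        raise ValueError("master password must not be empty")
    if not 8 <= length <= 64:
        raise ValueError("length must be between 8 and 64")
    # The counter is the only way to rotate one site's password without
    # changing the master password, so it has to be remembered per site.
    salt = f"{normalize_domain(domain)}:{counter}".encode("utf-8")
    # A slow KDF matters here: anyone holding one leaked site password can
    # test master-password guesses offline against it.
    raw = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt,
                              iterations, dklen=64)
    # 512 bits reduced base-74: the modulo bias is negligible for <= 64 chars.
    n = int.from_bytes(raw, "big")
    chars = []
    for _ in range(length):
        n, idx = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[idx])
    return "".join(chars)


if __name__ == "__main__":
    # Constructed inputs, for illustration only.
    master = "correct horse battery staple"
    for site in ("example.com", "www.example.com", "example.org"):
        print(site, derive_password(master, site))
```

The same master password and domain always give the same output, so the trade-off against a vault is that rotation state (the counter) and any site-specific character rules still have to be kept somewhere.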