How do you store your passwords?

@fribbledom I can't believe that many people store their passwords in their head! I used to until I was doxed, and now I randomly generate each new password. There's no way I could memorize all of them.

@calculsoberic @fribbledom I can remember only a few passwords which I enter often (several times a week). Sure all of them are randomly generated (just numbers).

@fribbledom Head or KeePass, depending on when I need the password

@trebach @fribbledom
Same here.
Head for my KeePass' password.
KeePass for the rest!

@wim_v12e @fribbledom
oh wow, never used that

Wiki says: "The key must be at least as long as the plaintext" ? I'm not sure I understood this one... I'll have to read instead of glance ^_^'

@Eidon
In practice my "key" or pad is a jpg image. It has to have at least as many bytes as the plaintext. The actual encryption is a simple byte-by-byte xor of the plaintext with the key.

@fribbledom

@wim_v12e @fribbledom
Very interesting, and useful! Thanks for the explanation, Wim ^_^

@wim_v12e @Eidon @fribbledom Prefer a randomly generated pad to a JPG, or if a JPG, then the picture it contains should be random (as in "white noise", not as "on a random topic"), otherwise the key may contain periodic patterns and therefore the ciphertext is at risk of being partially cracked using statistical methods.
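
As an added example (not part of any post in this thread): the byte-by-byte XOR described above, with two quick checks for the kind of periodic structure the last reply warns about. Both sample pads are constructed; `STRUCTURED_PAD` is a stand-in for a file with a fixed header and a repeating table, not a real JPEG.

```python
import math
import secrets
from collections import Counter

def xor_pad(data: bytes, pad: bytes) -> bytes:
    """Byte-by-byte XOR; the same call encrypts and decrypts."""
    if len(pad) < len(data):
        raise ValueError("pad must be at least as long as the data")
    return bytes(d ^ k for d, k in zip(data, pad))

def byte_entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte; 8.0 is the maximum."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())

def repeat_fraction(buf: bytes, period: int) -> float:
    """Share of positions i where buf[i] == buf[i + period]."""
    pairs = len(buf) - period
    return sum(buf[i] == buf[i + period] for i in range(pairs)) / pairs

def max_repeat(buf: bytes, max_period: int = 64) -> float:
    """Largest repeat_fraction over periods 1..max_period."""
    return max(repeat_fraction(buf, p) for p in range(1, max_period + 1))

# Constructed sample pads (assumptions, not data from the thread).
STRUCTURED_PAD = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(range(16)) * 64
RANDOM_PAD = secrets.token_bytes(len(STRUCTURED_PAD))

if __name__ == "__main__":
    secret = b"correct horse battery staple"  # constructed plaintext
    ct = xor_pad(secret, RANDOM_PAD)
    assert xor_pad(ct, RANDOM_PAD) == secret
    for name, pad in (("structured", STRUCTURED_PAD), ("random", RANDOM_PAD)):
        print(f"{name:10s} entropy={byte_entropy(pad):.2f} bits/byte "
              f"max_repeat={max_repeat(pad):.3f}")
```

Neither check proves a pad is random; they only flag obvious structure such as low byte entropy or a repeating period.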

@fribbledom
I have voted for "Textfile"
Key into E-MAIL for remembering.

But more of them into OPERA browser ...has password remembering by itself

@fribbledom Bitwarden, though I back up to floppy disk just in case ;-)

@fribbledom KeepassXC, Keepass2Android Offline and Syncthing

@fribbledom that should be a multiple choice question since using a password manager still needs one to store the access password somewhere.

@fribbledom 1Password. And recently I found an older machine where I hadn't 1p'd… took me half an hour to remember/guess the password. NEVER rely on memory for anything. All passwords, notes, whatever, go in the vault.

@mdhughes @fribbledom I loved the 1pass app. Don’t like the subscription model they moved to.

@knigge @fribbledom I'm still on classic, sync by Dropbox. But if you use their cloud sync, you should pay for their hosting. Most important security item you have, and you want it supported for free? That's asking for trouble.

Services want to be paid!

@fribbledom I read textile instead of textfile and was confused

@uint8_t Wait, you don't embroider your passwords into clothes?

@fribbledom

I can't choose multiple options here, so both password manager, and then a salt addition that is in my head.

@fribbledom

I'm too paranoid for my own good.

If I ever have amnesia, I'm screwed.

@hamishcampbell @fribbledom nice one!

Keep your cookies while you can and then: Reset the password!

@fribbledom I have an arrangement with a group of friends where we tattoo our important passwords onto each other's bodies in a place none can see alone.

It's like a physical version of Shamir's Secret Sharing Scheme

@fribbledom really depends if I care about my data on the site or not. Financial stuff strictly in my head and usually a complex password too. For the countless trash sites it's something basic with a manager

@fribbledom

Once I knew a guy who had his passwords on the road in public view!
Rather than writing them, he used the signs of the shops in front of him: "FruttaPino-0123-456789" and so on.

@fribbledom

oh i like this thread!

i use password-store with the Emacs 'pass' package. it's cozy :blobcatmelt:

@fribbledom I voted text file as they're in a text file on an encrypted partition which is only mounted when needed. Opened in my normal editor (geany) as a special-purpose user using ssh -X.

@fribbledom I use zx2c4 pass, so, a combination of the last two (it's just encrypted text files in a git repo + tooling)

@fribbledom I store the password to my password manager in my head. 😉

@fribbledom
Password manager 78%
Methinks a lot of wishful thinking going on.

@fitheach Or the wrong target group has been asked. For @fribbledom's followers 78% might be true. But I doubt that his followers are a representative average of "any" society.

Professionally, I do something with IT security and we're about to conduct a study regarding PW security. I am eager to see the results... (mid 2021).

@_xhr_
It is valid to ask the question of any target group. I'm sure Fediverse users are vastly more tech savvy than the general population, but, 78% still strikes me as high for the password manager option.

My observations of the general population show most people relying on the browser storing their passwords.

I use a text file, encrypted with GPG, edited with Vim and the gnupg-vim plugin. My passwords are secure, but, available on all the platforms I use.

@fribbledom

@fribbledom For financial ones, the password is split between paper and an encrypted text file. Hopefully that means neither a hacker nor a burglar can get a useful password.

@penguin42 @fribbledom Well now that you've told everyone where to look..
