Post AMrtjFklCEvvPzgSxc by byterhymer@mastodon.social
(DIR) Post #AMpPRxohFFL1vQReOe by bitwarden@fosstodon.org
2022-08-23T18:44:23Z
0 likes, 2 repeats
💬 Calling all Developers and Security Enthusiasts! What have you learned about passwords and password security that you wish everyone knew? :blobcatreading:
(DIR) Post #AMpPYBoM7uQ749FpSK by didek@101010.pl
2022-08-23T18:45:25Z
0 likes, 0 repeats
@bitwarden https://xkcd.com/936/
(DIR) Post #AMpPld5A2pohPUWVnc by tulpa@fosstodon.org
2022-08-23T18:47:51Z
0 likes, 0 repeats
@bitwarden That there's no need to change passwords regularly. Only if they are no longer secure (or weren't secure in the first place).
(DIR) Post #AMpQZBHnfFFtgI3z04 by kentoseth@fosstodon.org
2022-08-23T18:56:55Z
0 likes, 0 repeats
@bitwarden I can make my password length 9999 chars long but if the folks looking after the servers don't do a good job, my account can still get pwned!
(DIR) Post #AMpQnEHDLHJt0hUJVo by Longplay_Games@mastodon.social
2022-08-23T18:59:18Z
0 likes, 0 repeats
@bitwarden That everyone REALLY NEEDS to use unique passwords for every site, because every site will eventually suffer a security breach. If you make sure they each have a randomly generated password, you can shrug and move on.
(DIR) Post #AMpQzqoDuCNHzWwiX2 by theDoctor@fosstodon.org
2022-08-23T19:01:33Z
0 likes, 0 repeats
@bitwarden If you can remember all your passwords, you're doing it wrong. Unless you're some kind of savant or something. Password managers of some sort are really the only viable option, as I see it.
(DIR) Post #AMpRV8AbPLOaoRKT7A by wydamn@social.linux.pizza
2022-08-23T19:07:24Z
0 likes, 0 repeats
@bitwarden Recently, a friend's discord account spammed links in our mutual channels. I recommended he check haveibeenpwned, and when he saw the results he admitted that his discord was likely accessed because he re-used his password across multiple sites, including ones that had been breached. This guy is not a normal user, but a fellow student in a programming course. We even took a security & ethics class together. I recommended resetting all passwords uniquely, with BitWarden of course 😉.
(DIR) Post #AMpUM3lkhThSQ64WOm by birnim@fosstodon.org
2022-08-23T19:39:23Z
0 likes, 0 repeats
@bitwarden that I needed to make more backup copies of them :D
(DIR) Post #AMpaeASv8r827qHVXk by markusl@fosstodon.org
2022-08-23T20:49:30Z
0 likes, 0 repeats
@bitwarden That your logon password should never contain a character that's not in the same place on a US keyboard as on your local keyboard layout. (For me, it was '@'.) Otherwise, if IT has set your system up weirdly and your local keyboard layout takes effect only after you've logged in, you'll keep typing your logon password correctly and wonder why you get locked out.
(DIR) Post #AMphiVNG2rhFoHeEKW by rjdickenson@aus.social
2022-08-23T22:09:03Z
0 likes, 1 repeats
@bitwarden A password manager helps avoid entering your credentials in a fake website, because the autofill option isn't available. It's enough to make you stop and realise you're probably not looking at a valid site.
(DIR) Post #AMpinG3AXxwtgZ589g by optimal@mastodon.online
2022-08-23T22:21:09Z
0 likes, 0 repeats
@bitwarden Correct Horse Battery Staple.
(DIR) Post #AMqyQqgTy8PT4IlaZE by stardot@fosstodon.org
2022-08-24T12:51:04Z
0 likes, 0 repeats
@bitwarden Sites that impose maximum password lengths of less than 20 characters are an indicator of poorly implemented password security and you should not store sensitive data there.
(DIR) Post #AMr0nDaZgqtGNwnVmi by kevin@merveilles.town
2022-08-24T13:17:17Z
0 likes, 0 repeats
@bitwarden It's actually LESS effort than trying to remember passwords or having to reset it every second time.
(DIR) Post #AMr0tUqeQvt3eSJLLk by kevin@merveilles.town
2022-08-24T13:18:33Z
0 likes, 0 repeats
@bitwarden Using a password manager is actually LESS work than trying to remember old passwords or having to reset your password every second time you log in.
(DIR) Post #AMr2KOTsJanng02z6e by verbumfeit@fosstodon.org
2022-08-24T13:34:45Z
0 likes, 0 repeats
@bitwarden Remembering and thinking of new passwords is a stress generator. A password manager gets rid of all that and frees brain capacity.
(DIR) Post #AMrtYXu1NRnuWQuUD2 by byterhymer@mastodon.social
2022-08-24T23:31:09Z
0 likes, 0 repeats
@bitwarden Passphrase managers have been targeted by hackers since at least the 1990s. Use them at your own peril. Better yet: only use them when being paid to use them to collaborate in group environments with shared credentials. Do your best to avoid them in all other circumstances. Look into OpenSSH's support for S/KEY, one-time pads have been used in secure comms for many decades for good reasons. If a passphrase manager is for profit? Don't just avoid, stop trusting people who recommend.
(DIR) Post #AMrtjFklCEvvPzgSxc by byterhymer@mastodon.social
2022-08-24T23:33:03Z
0 likes, 0 repeats
@bitwarden Passphrase managers have been targeted by hackers since at least the 1990s. Use them at your own peril. Better yet: only use them when being paid to use them to collaborate in group environments with shared credentials. Do your best to avoid them in all other circumstances. Look into OpenSSH's support for S/KEY, one-time pads have been used in secure comms for many decades for good reasons. If a passphrase manager is for profit? Don't just avoid, stop trusting people who recommend.