
CervantesX t1_j812mgs wrote

Shockingly, putting millions of passwords into the same place didn't turn out to be a brilliant idea.

−11

SomethingMatter t1_j81ugyu wrote

You have two options:

  1. Put your passwords in a password manager - this can be local only
  2. Remember all of your passwords

The second one means that you will either have duplicate passwords or a system in place where a person who knows one password can figure out the others. The only real option is a password manager. All password managers worth anything won't be able to get hold of your passwords without you first entering your master password, so the trick is to keep a good master password and you should be fine.

31

spsteve t1_j85ta1m wrote

Local is the big part here. Password manager sites just are too big a target.

1

CervantesX t1_j88dm1i wrote

Don't make it sound like it's that hard to make a site-unique password scheme. And all it takes is buying a domain name, and you can have unique site-specific login emails as well. Even if one of the sites gets hacked and your L/P are in plaintext, it would take an actual person intentionally targeting just you to even have a hope of noticing your scheme, let alone figuring it out. Sprinkle in some 2FA and there's no way anyone is finding another accessible account before that site auto locks for bad logins, and/or you notice all the notifications thereof.

Or you can put your entire life's worth of passwords into the hands of a company dedicated to making as much profit for as little work as possible, and hope it works out for you.

1

Infinite-Eggs t1_j82e716 wrote

Your PC will always be a single point of failure. At least a password manager tries to secure the data even when it's sitting in your RAM and has features to try and thwart keyloggers. This buys you time to change your passwords.

Manually typing your passwords or copy/pasting via clipboard is the least secure method by far and is the main method key loggers plan on exploiting.

5

Shaila_boof t1_j81gqoa wrote

I save all my passwords in the browser saving password thing, is it bad?

2

NiftyNumber t1_j81n0vi wrote

Information is encrypted before sending to Google (I am assuming you are using Chrome), so even Google doesn't know your passwords. Therefore, generally pretty safe.

3

teh_maxh t1_j82rr2e wrote

> Information is encrypted before sending to Google (I am assuming you are using Chrome),

That's a new feature (only since June 2022), and AFAIK isn't automatically enabled.

2

Fickle-Razzmatazz827 t1_j85kajk wrote

Definitely not. It's been used way longer. No one sends plain text passwords since the late 2000s unless it's an amateur-made website.

1

teh_maxh t1_j864onn wrote

I guess Google is made by amateurs, since on-device encryption was introduced just last year.

1

Fickle-Razzmatazz827 t1_j8729eg wrote

Completely a different thing and this encrypts using your device and you need to enter your password to decrypt it. The password is still not being sent to Google as plain text and has never been.

1

teh_maxh t1_j87uadc wrote

Are you really arguing that "well, technically it's sent via TLS" is actually adequate for a password manager?

1

SomethingMatter t1_j81tph3 wrote

It's not the best. Depending on how things are set up, anyone getting access to your PC can log onto any of the sites that you log into. You are also tied to the browser, e.g. want to use an iPhone and Chrome, tough. There are free options for password managers.

2

MrPissedHimself t1_j81v48q wrote

Think if they're saved they go ahead to saved passwords and click a button to see it in clear text. Might have changed now but I remember doing that on a publicly used computer a few years back.

1

HanaBothWays t1_j826yvl wrote

It’s probably not bad and it’s better than nothing, but it’s less portable than a good password manager.

1

Infinite-Eggs t1_j82eqo9 wrote

It's better than typing them manually. The main point is that all your passwords should be complex and unique. That should help you in 99% of cases.

1

CervantesX t1_j88dpai wrote

It's not ideal, but it's common. Best practice is to at least not save your hyper sensitive logins like bank pwds.

1