• M0oP0o@mander.xyz
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    1
    ·
    edit-2
    1 year ago

    Wait? how is a page in my pocket not secure but a software password manager is?

      • M0oP0o@mander.xyz
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        3
        ·
        edit-2
        1 year ago

        “you accidentally put it through the wash.” - Yes this is a risk, same as your password software company is sold/closed

        “someone pick pockets you.” - Really this is not my concern if I am robbed (my cards and ID are more then enough to not need my passwords)

        “you have a house fire.” - The password is in my pocket so as a dead person my password is not a concern anymore. Also if my house burns down I have bigger issues.

        “it smudges.” - What is written are just reminders and I can rewrite them.

        “you use weak passwords so theyre easier to type and write (instead of copy/paste),” My passwords follow the same rules as any good password, just because you hate typing them out does not mean I don’t do it.

        “you spill coffee in your lap.” - OK, I am not seeing how burning myself does something to my password. if the paper gets wet? I guess if I was sitting in the coffee for a while it could make the ink run, but Eww that sounds like not a good time.

        “why would you put access to all of your accounts on/in something so vulnerable day to day?” - I don’t nor anybody should use the same password for everything, Paper is great for notes and is a lot more secure then any software. I would ask why people are ok storing sensitive information on someone else’s machine. When did this become normal to trust a 3rd party over a physical item on your possession?

          • M0oP0o@mander.xyz
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            1
            ·
            1 year ago

            Sorry I assume you are using a program that is not air gapped. Most of the time I associate the “cloud” to these managers.

            • CoderKat@lemm.ee
              link
              fedilink
              English
              arrow-up
              2
              ·
              1 year ago

              KeePass can be used locally. Often you’d want to store your vault in something like dropbox simply so you can use it on multiple devices for ease of use, but you don’t have to. And arguably you don’t need to worry if someone gets your vault. The encryption cannot feasibly be broken in any way but brute force. If your password is hard enough to guess, you’re fine even if an attack has your vault.

              As well, if your complaint is just letting third parties handle your data, Bitwarden is open source and can be self hosted.

              • M0oP0o@mander.xyz
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                If its local then its not much more then an encrypted notepad, and I am down for that.

        • CoderKat@lemm.ee
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Risks aren’t all equal though. How often do you smudge something or run it through the wash vs your password manager somehow shutting down without any notice? I’ve accidentally washed things tons of times, myself. Not a single password manager I’ve ever used has unexpectedly shut down. Heck, LastPass got sold and you can still use it (though I don’t recommend them). Importing my LastPass file into Bitwarden was trivially easy. You also can and should export your passwords occasionally to a local, encrypted file.

          And while being pickpocketed/robbed already sucks, I don’t see why you’d want it to be worse. And it absolutely can get worse. Lots of people have passwords for financial services that will allow a thief to steal even more money or valuables from you than they can with just your credit and debit cards. Plus that’s more things to have to rush to lock.

          What is written are just reminders and I can rewrite them.

          I’d argue that if you’re a typical person with the dozens of unique online accounts that many people have, you generally won’t be able to remember your passwords, as that suggests your passwords are at risk for being guessed or too easy to crack.

          That said, you often only truly need to remember your email password and computer/phone logins. Generally you can reset everything with your email. Of course, that’s not a reminder and is extra hassle.

          • M0oP0o@mander.xyz
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            1
            ·
            1 year ago

            I think people are taking the pocket example too literally. When I used to have to remember and manage way, way to many passwords I had a small notebook with the different parts to my passwords. Never was a whole password written out but I could recreate any password I needed from the little book. Was it a prefect solution? No. But it worked well for me for more then a decade and I worked with people who did similar. I did once put my little book in the wash when very tired, but interestingly little notebooks hold up well.

    • blind3rdeye@lemm.ee
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      A lot of people joke about how postit notes on your computer are super insecure etc… But the fact is that the vast majority of threats are from people in other parts of the world, attacking your computer over the internet. So although a piece of paper with your passwords right next to your computer is very insecure vs people who are in your house; those are generally not the people you are worried about anyway! So that isn’t so bad.

      As for a piece of paper in your wallet… That’s legitimately a high-security approach. There and some obvious downsides; but from a security point of view, it’s very good - especially if your ‘enemies’ don’t know about it. (Which they probably don’t; because unless you’re some high-profile political target or a spy or something like that, probably no one is watching you closely enough to care how you store your passwords.)

      • M0oP0o@mander.xyz
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        1 year ago

        I think people get stuck on the software angle because they like the cool factor and we all like to think we are super important. In reality most accounts are broken into not with the password but the password recovery anyways.