Password reuse is rampant: nearly half of observed user logins are compromised (blog.cloudflare.com)

submitted 1 day ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works

20 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] Mic_Check_One_Two@reddthat.com 3 points 16 hours ago

Someone breaking into your password manager is a lot less likely than someone breaking into one of the dozens or even hundreds of services you probably reuse passwords on.

Exactly. Without a password manager, every single service you have reuses your password on is a security risk, because any one of them will compromise the rest. And it has repeatedly been demonstrated that even large software companies don’t follow best practices regarding passwords. So any one of them being compromised is a risk. With a password manager, as long as it is properly encrypted and secured with a strong master password, the only point of attack will be your master password.

It’s less about keeping all your eggs in one basket, and more about reducing attack vectors that hackers have access to. With reused passwords, every single individual service is a potential vector of attack.

[-] sugar_in_your_tea@sh.itjust.works 2 points 16 hours ago

And do yourself a favor and get MFA on that password manager. That dramatically increases the skill level needed to hack your master pass.

[-] Mic_Check_One_Two@reddthat.com 2 points 16 hours ago

Several of the larger password managers have started requiring MFA on new accounts. Bitwarden, for example, now requires at least an email verification. They encourage you to use other MFA methods instead, like an Authenticator app. But they at least have the email as a last-ditch “fucking fine, you really don’t want to install an Authenticator app? Here, we’re forcing you to use this as the bare minimum” backup.

[-] sugar_in_your_tea@sh.itjust.works 1 points 16 hours ago

And that's how it should be. In fact, I switched banks to the only one I could find that had MFA, because I value security as an option.

this post was submitted on 19 Mar 2025

28 points (100.0% liked)

Cybersecurity

6732 readers

377 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social