Who TF isn’t using a password manager in 2025? Like how would you even function?
My employer, a fortune 500, blocks password managers and all other add-ons.
My employer, a 12 people big company, nowhere near any fortune list, mandates the use of 1password for all company related accounts.
Federal and State jobs you can’t use password managers.
My federal job came with one pre-installed.
Yeah idk about that. I've worked in state govt for a very long time and our cybersecurity controls essentially mandates we use one. I'm also in our security audit team and have to talk to state offices about our NIST controls regularly. And the NIST DOD controls are even more stringent than ours. Something sounds off.
Okay so remember the one or two ones you need there (try a passphrase!)
For everything else - password manager.
Federal I had about 15 passwords. The State job I had about half that.
Yep.
I use pass phrases filtered through a mess of cyber chef.
I use modified “HorseBatteryStaple” style passwords. I have a couple base phrases that I always remember, with special characters and numbers inserted. I modify them bit by bit for different sites, and keep a list of the changes - only the changes. Anyone who looks at the list would see random words, numbers, or symbols without context; only I know how it all fits together.
For example, let’s pretend HorseBatteryStaple1! Is my default password. I may have “cell phone, machine 5” on the list. That would mean the password for my cell phone’s payment website modifies the default password by changing one of the words in HorseBatteryStaple to “machine” and the number 1 to 5.
I know password managers exist, but I like to try to remember my own passwords. Especially since I may need them across different devices, including my work laptop that I can’t download new programs onto.
Caution, reusing parts of your passwords like that significantly reduces the effective entropy.
If someone finds HorseBatteryStaple1! in a plaintext leak, then they only need to guess one word and one number to get your phone password (assuming they know your format or use a matching heuristic).
Get a password manager. It's a lot more secure and easier to only have to remember one strong main password and have the rest randomly generated
KeePassXC, donor, and I sync it with my (self-hosted) SyncThing server.
FWIW, LastPass is bullshit. DYOR, and stay safe, citizens!
Also, it could be taken as a positive that BitWarden is the example Wikipedia uses to define password strength. 🤌🏼
i just use hunter2 for everything
Why would your password be *******? That seems terribly insecure.
nobody else can see it when I type it.
God, the tears rolling down my face laughing the first time I read that.
BatmanSupermanSpidermanCaptainAmerica@2025
Just 4 characters are enough. And it includes Cap.
TheDoctor&CaptainJack
16 characters and a cap
Finally can't take it anymore
Downloads a Password Manager
Password Manager: "Please create a unique master password to begin"
That's one password, and then use 2FA or a passkey or a yubinkey or anything to secure it so the security of the password isn't a big deal
Then go to every single thing you have a password for, and have the password manager set it to something random. I personally like pass phrases get it up in the teens of characters multiple words multiple numbers multiple special characters. 99.9% of the time you shouldn't be typing any of this in. It should be injected for you. If per chance you should need to type one of them in typing in four or five words some numbers and some special characters is not really a horrible grievance.
I just checked my password manager vault and I currently have 311 passwords stored there.
594 for me
I have nearly 800. I think I need to do some cleaning.
It's not so bad once you develop a system.
!!! PASSWORD TOO WEAK !!! - your password must contains upper and lowercase characters, digits and symbols except not a hyphen for some fucking reason,, and no characters you've ever used in past passwords and no digits that are in your postal code, data of birth, or shoe size. Zalgo text is acceptable.
Only 16 characters?
I was on the internet early enough that I had a four character, all lower case password to my emails and it never complained once.
What? No punctuation marks? Special characters like !@#$%^&*()_+?
I got a "we've had customers accounts breached, please update your password" email the other day.
They specifically called out you can't use # in your password, and it's been bugging me why that is. What part if their system let's in other special characters but # is off limits?
Now that I’m thinking about this it’s bugging me too. If they are passing it to shell scripts maybe it’s interpreted as a comment? Some databases like Oracle use # to separate schema prefix from schema user and table name in a query? But none of those would really make sense here 🤷
What painting is that?
For everybody commenting on passwords manager, I've been using one for years now and I feel this so bad. My company has a password policy of changing the LAPTOP's password every 8 weeks and you can't reuse any of the last 10 passwords used. I hate it because I can't use a password manager to unlock my laptop and I'm so used to password managers by now that it's getting really hard to come up with new passwords that follow the stupid requirements and even worse remembering them. I'm veeeery close to just start noting them down in a notebook by my machine and then send a picture to our security guy to show him where he has gotten us all to
Write a script that sets the password to 10 different passwords, then back to your original password.
Quick question friends:
If I'm already using bitwarden and decide to switch to self-hosting it; can I import my usernames and such?
I would most likely change all the passwords, but being able to migrate the websites (with corresponding username) would be kinda nice
1. Be civil
No trolling, bigotry or other insulting / annoying behaviour
2. No politics
This is non-politics community. For political memes please go to !politicalmemes@lemmy.world
3. No recent reposts
Check for reposts when posting a meme, you can only repost after 1 month
4. No bots
No bots without the express approval of the mods or the admins
5. No Spam/Ads
No advertisements or spam. This is an instance rule and the only way to live.
A collection of some classic Lemmy memes for your enjoyment
