Password reuse is rampant: nearly half of observed user logins are compromised (blog.cloudflare.com)

submitted 6 hours ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works

6 comments fedilink hide all child comments

top 6 comments

sorted by: hot top controversial new old

[-] drspod@lemmy.ml 6 points 4 hours ago

Why is Cloudflare monitoring/recording our passwords on the sites they are supposed to be protecting?

[-] Saik0Shinigami@lemmy.saik0.com 2 points 2 hours ago

Because Cloudflare users enable the feature?

It's literally opt-in.

[-] TommySoda@lemmy.world 3 points 6 hours ago

While I understand that password reuse is a problem I also understand that remembering 50+ passwords, because literally everything requires you to make an account, is impossible. And some of these password managers seem shady themselves. And if said manager needs a password that means someone only needs the one password which puts us back at square one.

These days I've resorted to physically writing my passwords down because I straight up don't trust anything that connects to the internet anymore for this kind of information. Like some lame puzzle in a video game where you have to look around the room for the password. But it still feels safer than anything that's connected to the internet.

[-] lurch@sh.itjust.works 1 points 40 minutes ago

How about KeePass then? It's an encrypted local database file you can sync/backup how and where you want. There are clients to open/edit it for Android, Linux and even Windows. The Android version can use fingerprint, if your phone has this hardware.

[-] Mic_Check_One_Two@reddthat.com 2 points 5 hours ago

This feels a little too tinfoil-hat for me. The reality is that one strong password is going to be more secure than 50 weak passwords. If you use something like a passphrase with 30+ characters, cracking it with today’s methods will take longer than the heat death of the universe. Yes, it means all of your eggs are in one basket. But that’s why it’s important that basket is protected like Fort Knox.

[-] Saik0Shinigami@lemmy.saik0.com 1 points 1 hour ago

This feels a little too tinfoil-hat for me.

Nah a lot of those services are ripe for abuse... The correct answer is to just use your own... keepass for "offline" on a USB stick type of thing... or host your own vaultwarden.

this post was submitted on 19 Mar 2025

11 points (100.0% liked)

Cybersecurity

6732 readers

225 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social