this post was submitted on 05 Apr 2024
1109 points (98.9% liked)

Programmer Humor

[–] [email protected] 24 points 6 months ago (3 children)

But don't use LastPass, they are the most popular, and with the largest breach history. In fact, if you are capable of the admittedly high bar of self-hosting, use Bitwarden instead.

[–] [email protected] 12 points 6 months ago (4 children)

But don’t use LastPass, they are the most popular, and with the largest breach history.

This is exactly why I don't want to use a password manager. Storing all my passwords in one place online doesn't exactly sound secure.

[–] [email protected] 6 points 6 months ago* (last edited 6 months ago)

I would rather recommend using KeePassXC, and storing and syncing the database with your other devices using Syncthing. Super easy to set up, and works flawlessly with my PC and my phone.

KeePassXC has nice features like global autotype btw, so for webpages I can insert my payment information with one hotkey. No need to save your CC in your browser.

[–] [email protected] 4 points 6 months ago (1 children)

Right? I'm right with you. I keep a password book I can lock up in the safe. No online hacker can get to that.

[–] [email protected] 3 points 6 months ago* (last edited 6 months ago)

I use a pattern relative to the site name, with a different email address for every site also relative to the site name. The pattern means the password is always different but I always know that it is.

[–] [email protected] 1 points 6 months ago

1Password is an option. It’s all stored in one place, sure. But you need the encryption key and password to access it. No one but you has that key, and if you lose/forget it you lose your passwords forever. Not even the company can recover your passwords from that.

[–] [email protected] 1 points 6 months ago* (last edited 6 months ago)

For 99% of people an online password manager like Bitwarden or LastPass is going to significantly help them manage passwords securely despite the risks associated with cloud services. Most people can't handle self-hosting Bitwarden or syncing a KeePass database by themselves. Without an easy-to-access and easy-to-use online option people will revert to significantly riskier methods like password reuse or using some sort of repeatable/guessable pattern.

For the 1% of people who want more security there are options like Vaultwarden or KeePass. Even then it's not uncommon to make mistakes and lose data/access or leave some sort of vulnerability exposed. The attack surface is a lot smaller than a public service, though, which is beneficial.

[–] [email protected] 12 points 6 months ago

Why? Bitwarden has a free tier you don't have to self-host.

[–] [email protected] 5 points 6 months ago

In fact, if you are capable of the admittedly high bar of self-hosting, use Bitwarden instead.

Vaultwarden, typically, because it's fully free and more resource efficient. But Bitwarden as the client of course.