Password managers are a placebo and do not improve your security in the slightest, but you are not ready to have this conversation yet.

Password managers are a placebo and do not improve your security in the slightest, but you are not ready to have this conversation yet.

It's All Fucked Shirt $22.14

Nothing Ever Happens Shirt $21.68

It's All Fucked Shirt $22.14

  1. 3 weeks ago
    Anonymous

    Better passwords and no password reuse seem useful to me

    • 3 weeks ago
      Anonymous

      If someone gains access to your password manager, it doesn't matter whether your passwords are reused or not. It becomes a single point of failure.

      • 3 weeks ago
        Anonymous

        I trust my password manager a lot more than I trust websites. Websites leak passwords all the time

        • 3 weeks ago
          Anonymous

          Just use different passwords?

          • 3 weeks ago
            Anonymous

            I'm not going to remember a properly unique password for every single website. That's why I use a password manager

  2. 3 weeks ago
    Anonymous

    >sticky notes on your monitor
    s tier opsec

    • 3 weeks ago
      Anonymous

      better yet: REMEMBER your passwords. i have a password manager and it's called MY FRICKING BRAIN

      • 3 weeks ago
        Anonymous

        works if you ever use one website but it's not the case for normal people

      • 3 weeks ago
        Anonymous

        good point. btw, meant to ask, what's your street name and DOB?

        • 3 weeks ago
          Anonymous

          >not using a password manager = having weak/guessable passwords
          Thanks for proving you were moronic, you can sit down now.

      • 3 weeks ago
        Anonymous

        it was fine before but now sites require capital letters, numbers, special characters, pics of your dick, etc.

      • 3 weeks ago
        Anonymous

        You do use a different password for each site though right?

  3. 3 weeks ago
    Anonymous

    i use them for convenience thoughbeit

    • 3 weeks ago
      Anonymous

      I am fine with people using them because of convenience. I'm just tired of people shilling password managers as some kind of panacea for shit opsec, which they are not.

      • 3 weeks ago
        Anonymous

        yes they are, try moving all your passwords to password manager then corrupt the database, would like to see you get back your accounts

        • 3 weeks ago
          Anonymous

          See what I said in

          If someone gains access to your password manager, it doesn't matter whether your passwords are reused or not. It becomes a single point of failure.

          : it's a single point of failure.
          >then corrupt the database
          See, that's the problem. If I can't access it, no one can, but what's the point?

          • 3 weeks ago
            Anonymous

            use backups, if you hit your head and forget everything there will be no backup for that, so don't talk about single point of failure

          • 3 weeks ago
            Anonymous

            >if you hit your head and forget everything
            I won't be able to use the computer and will have more pressing matters at hand, but thanks for your concern. Also: if you hit your head and forget the password to your password manager, where's the backup gonna be?

            it was fine before but now sites require capital letters, numbers, special characters, pics of your dick, etc.

            A lot of websites I use only require the password to be of certain length, most other conditions are irrelevant nowadays.

          • 3 weeks ago
            Anonymous

            >A lot of websites I use only require the password to be of certain length, most other conditions are irrelevant nowadays.
            >I use
            Ok zoomer boomer

  4. 3 weeks ago
    Anonymous

    bros am i autistic? i have like 4 passwords
    >main pw: very strong, used on major websites, so if it leaks i've got bigger problems than that
    >secondary pw: used for alts and shit, a bit weaker and easier to remember, and if it leaks i don't particularly care since there's not much behind it anyway
    >tertiary pw: weak, easy to remember, used for shit i don't care about as a one-off login or something like that
    >internal pw: nigh-uncrackable, used strictly for self-hosted shit, very unlikely to leak

    • 3 weeks ago
      Anonymous

      no youre not autistic, this is good practice. i do this with emails. i use a password manager so different password for each site. but one thing people forget is an email is also a point of security. if someone has your email, their chances of getting into your shit has increased. with that said, i use about 3 different emails. one for just a few things that should never ever leak. one for everything else. one for irl, out and about, id hand this one to someone in person because it has my real name
      doing this not only means that your most important stuff will be extra protected because not only do you have your password, you also have your email (and 2fa hopefully) so theyre essentially impenetrable. it also means you will never have to worry about phishing. yes just dont be a dumbass and check the sender's address and just use common sense, yeah yeah. but it helps to not have that shit spamming up your inbox and getting in the way

    • 3 weeks ago
      Anonymous

      Normie yeah. I had similar until embraced password manager. My login flow to any rarely used site was
      >try password a few times
      >all wrong
      >reset password
      >make new one
      >login
      Now I press auto type and hope I have a password ready. Still needs auto generated random email addresses. Tried one service but it wasn't quite perfect.

  5. 3 weeks ago
    Anonymous

    Just use account info and a memorizable password to create the password you use on the website
    #!/usr/bin/env sh
    site="$1"
    username="$2"
    password="$3"
    encoding="$4"
    main(){
    ( ( echo "$site" | sed -E "s@^(www.|https?://(www.)?)@@;s@/$@@"
    echo "$username"
    ) | tr '[:upper:]' '[:lower:]'
    printf "%s" "$password"
    ) | cat - /dev/zero | head -c 256 | sha384sum | cut -d -f1
    }
    cvFromHex(){ tr '[:lower:]' '[:upper:]' | basenc --base16 -d | basenc --${encoding:-z85}; }

    case "$encoding" in
    b*16|hex*) main ;;
    *) main | cvFromHex ;;
    esac

    • 3 weeks ago
      Anonymous

      BASED

  6. 3 weeks ago
    Anonymous

    nobody said they improved security.

    they make managing passwords much easier.

  7. 3 weeks ago
    Anonymous

    All my account names for anything ever are my SSN and my password is my birthday. I make sure my address, fingerprints, health records, my exactly current location, and my bank account information is perfectly accessible in every public social media platform. I do not have login credentials on my 86x Windows XP laptop which remains on public Wi-Fi at all times. I use the final version of windows explorer with firewalls disabled, no antivirus, and administrator access at all times. I click every link I ever receive in email. I answer all phonecalls regardless of country code starting with my full name, bank routing number, and checking account information making sure to fully identify each. I do not lock my doors at night.

    • 3 weeks ago
      Anonymous

      thank you giga chad.

      freedom of information is the safest way to surf the web

  8. 3 weeks ago
    Anonymous

    Firefox password manager does not have any significant extra vulnerability than locally saved credentials. The cloud backup is useless for attackers, encryption works. Password managers with account recovery add vulnerability, not relevant to me.

    Only entering passwords on the fly is slightly more secure, malware has to keylog, but I'm way too lazy.

    • 3 weeks ago
      Anonymous

      This is the only correct take.

  9. 3 weeks ago
    Anonymous

    password managets work as long as they're on-device and not connected to some homosexual cloud service, just waiting to get hacked.

    most accounts get hacked because of data breaches leaking passwords, not because of client-side viruses.

  10. 3 weeks ago
    Anonymous

    I use this:
    username = base36(tuplehash(31, masterpassword, domain))
    password = z85(tuplehash(128, masterpassword, domain, username))
    keypair = ed25519(tuplehash(256, masterpassword, "ed25519", identity))
    tuplehash(output_bits, t_1, ..., t_n) = shake128(t_1 || length(t_1) || ... || t_n || length(t_n) || n || output_bits)

    Using this scheme you can derive all your passwords and secret keys (ssh, pgp, etc.) from a single master password in a secure way.

    • 3 weeks ago
      Anonymous

      Partially known plaintext weakens a hash

      • 3 weeks ago
        Anonymous

        wrong, dumb moron.

        • 3 weeks ago
          Anonymous

          5 second google search

          • 3 weeks ago
            Anonymous

            have a nice day, dumb moron
            https://keccak.team/files/SpongeKeyed.pdf

  11. 3 weeks ago
    Anonymous

    use passkeys

    • 3 weeks ago
      Anonymous

      Not a lot of websites supports them, unfortunately.

      If you think password managers are about "improving security", you are moronic.

      That is exactly the point of my post. See

      I am fine with people using them because of convenience. I'm just tired of people shilling password managers as some kind of panacea for shit opsec, which they are not.

      .

  12. 3 weeks ago
    Anonymous

    If you think password managers are about "improving security", you are moronic.

  13. 3 weeks ago
    Anonymous

    [...]

    Is this a skitzo thread now?

    • 3 weeks ago
      Anonymous

      always has been

  14. 3 weeks ago
    Anonymous

    >Password managers are a placebo
    I think you mean a placenta.

  15. 3 weeks ago
    Anonymous

    >yes goy! always use reuse weak passwords!
    >oh and make sure you write them down so they can be easily stolen!
    psyop thread

Your email address will not be published. Required fields are marked *