Password manager by Amazon
-
This post did not contain any content.
I'm guilty of this. I don't write out the passwords in plaintext though. It's mostly just a few letters to remind me of which version of my many "master" passwords I used and then asterisks. ~PW0****$~ kinda thing. I know it's bad but I can't bring myself to trust a password manager.
-
Honestly, a physical password book isn't a bad idea.
Not accessible via the internet, and in most cases if someone has physical access to your system you're done for anyway.
The main weakness it has is from a nosey flatmate, spouse, or child in the house.
“People can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down.
We're all good at securing small pieces of paper. I recommend that people write their valuable passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet.
Obscure it somehow if you want added security: write "bank" instead of the URL of your bank, transpose some of the characters, leave off your userid. This will give you a little bit of time if you lose your wallet and have to change your passwords. But even if you don't do any of this, writing down your impossible-to-memorize password is more secure than making your password easy to memorize.”
-
I'm guilty of this. I don't write out the passwords in plaintext though. It's mostly just a few letters to remind me of which version of my many "master" passwords I used and then asterisks. ~PW0****$~ kinda thing. I know it's bad but I can't bring myself to trust a password manager.
If you keep the book secure, it's probably safer than any computer based record system - right up until someone untrustworthy gets their eyes on the book.
With a physical book, you can store it in a safe deposit box when you don't need access, make partial copies, copies take (everyone, bad guys and good) significantly longer to make even with a photocopy process... most importantly, people intuitively understand the vulnerabilities of a physical book.
Now, the physical book won't stop keyloggers...
-
It's pretty safe. Competent password managers will be heavily encrypted. Having your passwords hacked is essentially unheard of. You don't have to worry about it being on someone else's computer as without your master password the password file is useless.
I think the biggest case was LastPass, and they did it by getting a keylogger onto a developer's PC to get at their password, but afaik customer passwords were safe unless your master password was weak or reused from a breached one.
But, a notebook isn't hackable at all. But then the people around you could potentially get into it, which is a far more likely threat for a ton of people.
Either way use 2FA at every site that will allow it.
LastPass's biggest problem was that they were almost the first in the game, and mistakes/choices they made 20 years ago bit them hard when they got hacked.
There were two major issues with LastPass's security model:
- Non-Password data wasn't encrypted. So usernames and urls were visible by the people who stole the vaults.
- Passwords were encrypted with a number of iterations based on when the account was created, so older accounts were only run through a single iteration. The iteration process makes it much harder to guess the master password (by making it take a longer time). So single iteration makes it pretty quick to guess the password.
So with flaw 1 you could see what vaults might have valuable passwords like banks and crypto wallets. And with flaw 2 you could reasonably quickly break into the vaults of long time users.
So aside from their lax security allowing the compromise to happen in the first place (nothing is foolproof), they weren't providing the level of protection most people assumed.
More modern password managers like BitWarden fixed those problems a long time ago.
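An added example, not part of the thread and not any password manager's own code: it shows why the iteration count in the comment above sets the price of each master-password guess. PBKDF2-HMAC-SHA256 is assumed as a representative iterated KDF (the comment does not name the algorithm), and the password and salt are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample inputs, not taken from any real vault.
PASSWORD = b"constructed-master-password"
SALT = b"constructed-salt"


def pbkdf2_sha256(password, salt, iterations, dklen=32):
    """PBKDF2-HMAC-SHA256 (RFC 8018). Returns (key, number of HMAC calls)."""
    prf_calls = 0
    out = b""
    block_count = -(-dklen // 32)  # ceil(dklen / SHA-256 output size)
    for i in range(1, block_count + 1):
        # U_1 = HMAC(password, salt || INT(i))
        u = hmac.new(password, salt + i.to_bytes(4, "big"), hashlib.sha256).digest()
        prf_calls += 1
        t = int.from_bytes(u, "big")
        # U_j = HMAC(password, U_{j-1}); the block is the XOR of all U_j.
        # Each U_j depends on the previous one, so the chain cannot be skipped.
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha256).digest()
            prf_calls += 1
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(32, "big")
    return out[:dklen], prf_calls


def matches_stdlib(password, salt, iterations):
    """Cross-check the hand-written chain against hashlib's implementation."""
    key, _ = pbkdf2_sha256(password, salt, iterations)
    return key == hashlib.pbkdf2_hmac("sha256", password, salt, iterations, 32)


def cost_ratio(low_iterations, high_iterations):
    """How many times more HMAC work one guess costs at the higher setting."""
    _, low = pbkdf2_sha256(PASSWORD, SALT, low_iterations)
    _, high = pbkdf2_sha256(PASSWORD, SALT, high_iterations)
    return high // low


if __name__ == "__main__":
    for n in (1, 5000, 100_000):
        key, calls = pbkdf2_sha256(PASSWORD, SALT, n)
        print(f"iterations={n:>7}  HMAC calls per guess={calls:>7}  key={key.hex()[:16]}...")
    print("work per guess, 100000 vs 1 iteration:", cost_ratio(1, 100_000))
```

The same cost is paid once per legitimate unlock, which is why a high iteration count is barely noticeable to the vault owner but multiplies the work of every offline guess.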
-
Still better than using the same password everywhere and/or saving passwords in an unencrypted text file on your computer somewhere.
Just not very user friendly.
It is very user friendly, at least for reliability and security if you keep it in a safe location. It is cumbersome and slow.
-
Sure, it's a horrible idea in an open office environment but if someone wants to use this at home for all their passwords it really won't hurt anything.
-
TBF, they can be fooled too.
Bitwarden warns against using autofill on load for that very reason, as then simply loading a malicious page might cause it to provide passwords to such a site.
And then a human, when a site doesn't autofill, is more likely to just go "huh, weird" and do it manually.
Wait, what? How does autofill get fooled?
-
Here's the thing .. as crazy as a notebook with passwords sounds, it's not accessible to someone across the internet.
Please hold your password notebook in front of the laptop camera.
-
this is my internet password logbook
That is tight as hell and I love it
-
That is tight as hell and I love it
you too can have it (not my listing): https://www.depop.com/products/christy19js-rare-1990-sanrio-spotty-dotty/
-
Does anyone else know how to get into the safe?
it's a key entry, and yes.
-
you too can have it (not my listing): https://www.depop.com/products/christy19js-rare-1990-sanrio-spotty-dotty/
It's $55 (I'm assuming USD). Or "4 interest-free payments of $13.75". On one hand, it's expensive. On the other hand, it's bloody brilliant!
-
you too can have it (not my listing): https://www.depop.com/products/christy19js-rare-1990-sanrio-spotty-dotty/
Hells yeah thank you for sharing
-
I see no issue with this, especially for an elderly person, for example, to keep at home. The only way this will get "breached" is if someone breaks into her home. At that point, the password book is the least of her concerns anyway. In fact, from a cyber security point of view, this is brilliant if kept in a safe place, such as a locked safety box. You can't really remotely hack a physical book.
-
My mother uses something similar to keep track of her passwords for everything. While I prefer a password manager like Bitwarden or Keepass, I would rather her use a notebook like this over something like Google or Apple's password managers.
Or even worse, the same password for everything.
-
Self hosted and air gapped.
-
That Web Addresses placement is killing me.
It's infuriating!
-
Self hosted and air gapped.
Just as the Lord intended.
-
Still better than using the same password everywhere and/or saving passwords in an unencrypted text file on your computer somewhere.
Just not very user friendly.
I'm going back to paper for most things and I don't know man, I think it's more user friendly given the current tech landscape. My paper notebook never changed the interface to add a huge Copilot button.
-
I'm going back to paper for most things and I don't know man, I think it's more user friendly given the current tech landscape. My paper notebook never changed the interface to add a huge Copilot button.
Neither did my laptop, desktop, or phone. I use Linux and GrapheneOS, so I don't deal with most of the nonsense people have been complaining about.