• 001100 010010@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    1
    ·
    1 year ago

    I dont use password managers.

    I just use a set of random words + random numbers, usually something related to the website, the time period (like major global events), maybe just the mood I’m in when I created the password.

    Example: For Lemmy, I might use IslandMazeMouse0216 (I do not use the password btw, never used this before and now never will, don’t try hacking me lol)

    “Island” because the fediverse is like a bunch of islands, that formed together into one fediverse, “Maze” because this shit is confusing, and “Mouse” because the Lemmy logo looks like a mouse, 0216 because of June 12, the day the protest began, 0612, but reversed, but not reversing the 0, so 0 216.

    Now I feel dumb for explaining, but also want to hear opinions.

    But you see, it doesn’t matter. Most websites have login limits so you can’t really brute force the password. I just hate “password managers”, if I were getting old, I’ll probably just put my passwords inside a Standard Notes note, or just put it in a txt and use 7Z AES256 and upload it to a few cloud services.

    For offline passwords, like a Windows Veracrypt encryption password, I use 5-8 random words with 5-7 random numbers and increasing the PIM.

    For mobile, I use like 16-25 digits numerical pin, alphanumeric passwords are just too hard to type. I’ve been experimenting with long alphanumeric password + biometric, or a pin, and honestly idk which is better. I don’t want someone accessing my phone while I’m sleeping, I might forget to turn off biometrics before I sleep.

    I’m not gonna encourage everyone to do what I do, I am not a security expert, just some dude on the internet, but I just want to share how I deal with passwords. Feel free to criticize any flaws. 😅

    • hyorvenn@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      You didn’t give your password but you gave your method for creating them which is not the best idea you know

    • soloner@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      edit-2
      1 year ago

      I don’t use the random generated passwords cuz they’re hard to read. And some dumb forms disable copy/paste stuff.

      I get all my passwords from usapassphrase.net, and then usually capitalize the words, separated by periods, with 69 appended to the end.

      It’s easy to remember or type, and it also typically works for password rules around casing, numbers, and special character inclusion. Plus 4 word passphrases tend to be a lot of characters, providing a nice long password which is good for security.

    • ward2k@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Few critiques, not personally towards you at all but I really don’t think people should follow this approach

      People can have hundreds of different passwords across various sites this really isn’t achievable

      Human memory is terrible as well, it’s not a matter of if you forget it’s when

      Storing in a standard notes file is absolutely terrible security, it’s also extremely unusable once you have more than a couple passwords

      I really suggest to people using a password manager, most of them have apps for your phone and plugins for your web browser to allow you to autofill. They also allow you to randomly generate passphrases/codes for different sites and the autofill means you never have to remember a single one whilst having extremely strong passwords

      I’d recommend looking into either Bitwarden or 1Password