this post was submitted on 28 Jul 2024
587 points (98.5% liked)

Technology

58115 readers
3888 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world
587
Google Says Sorry After Passwords Vanish For 15 Million Windows Users. (www.forbes.com)
submitted 1 month ago by ModerateImprovement@sh.itjust.works to c/technology@lemmy.world
186 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] MrsDoyle@lemmy.world 24 points 1 month ago (6 children)

A friend has a notebook next to her computer with all her passwords in it. Initially I was horrified - what if you're burgled? - but actually it's genius. Much more secure than letting a browser remember them, and she doesn't even need to memorise a Bitwarden password.

[–] captain_aggravated@sh.itjust.works 33 points 1 month ago

In a household it's probably not that bad. There aren't many people breaking into homes looking for account details.

I've had my identity stolen several times, and every single time it was stolen from a Fortune 500 company.

[–] flerp@lemm.ee 17 points 1 month ago (3 children)

I just make all of my passwords password123 then I don't have to worry about memorizing them

[–] don@lemm.ee 5 points 1 month ago (2 children)

*********** that’s what I see

[–] Emerald@lemmy.world 3 points 1 month ago (1 children)

Really? hunter2

[–] don@lemm.ee 2 points 1 month ago

Yeah, when you type hunter2, all I see is *******

[–] Zink@programming.dev 1 points 1 month ago (1 children)

Maybe they’re using one of those instances that censors things, lol

[–] smeeps@lemmy.mtate.me.uk 3 points 1 month ago

Ah, my girlfriend's approach. No matter how much I show her a pwned password or set her up on my Vaultwarden, she's not interested

[–] braindamagebuddy@lemmy.world 3 points 1 month ago

Yeah, these newfangled password requirements ruined my life. I refuse to sign up for any website that doesn't let me use hunter2.

[–] Crashumbc@lemmy.world 13 points 1 month ago (2 children)

Just add the same memorized bit to the end. Something simple like "123" would work. Even if the book is stolen it won't do them any good.

[–] jabjoe@feddit.uk 10 points 1 month ago (1 children)

Kind of like salting.

[–] MrsDoyle@lemmy.world 4 points 1 month ago

That's an excellent idea! I'll mention it to her.

[–] PlexSheep@infosec.pub 8 points 1 month ago (1 children)

It's a primitive password manager, primitive because unencrypted and not integrated into your devices, but far better than not having a password manager.

[–] viking@infosec.pub -4 points 1 month ago (1 children)

Assuming the laptop is running bitlocker (often on by default), has a user password, and is offline, that's pretty decent.

[–] MenacingPerson@lemm.ee 15 points 1 month ago (1 children)

Notebook refers to a paper notebook. Not a laptop.

[–] MenacingPerson@lemm.ee 6 points 1 month ago (2 children)

And in which world is bitlocker on by default? Nope.

[–] Warl0k3@lemmy.world 4 points 1 month ago* (last edited 1 month ago)

A world where we all go insane from explaining "we can't just 'hack' your bitlocker key" over and over to every older relative we have...

[–] sexual_tomato@lemmy.dbzer0.com 8 points 1 month ago (1 children)

My mom told me that she was made fun of for having a book of hand written account credentials related to running her business (6 people total). I told her it was the best way to do it that wasn't massively overcomplicated for her situation and to keep it up. The only recommendation I made is that she use different long passwords for every site since she's already not memorizing them.

Personally I'm not convinced this isn't the best way unless you're being targeted by physical bad actors

[–] JackbyDev@programming.dev 4 points 1 month ago (1 children)

Where is this book? In the office? I'd say that's absolutely horrible. If it's at home I think that's more okay.

[–] 0x0@lemmy.dbzer0.com 1 points 1 month ago (1 children)

Or maybe behind a keyed lock in the office? Not a keypad, a physical key.

[–] JackbyDev@programming.dev 2 points 1 month ago (1 children)

Nah, most locks are really crappy.

[–] CileTheSane@lemmy.ca 2 points 1 month ago (1 children)

Sure, if someone knows her physical address, knows how to disable the building alarm, knows what drawer she keeps the passwords locked in, and knows how to pick the lock, she could be in trouble. But that is a very targeted attack and if someone is that determined she's screwed anyway.

99.9% of attacks are the "low hanging fruit, protected from repercussions by not physically being there" kind.

[–] JackbyDev@programming.dev 1 points 1 month ago

Someone like an employee, janitor, or maintenance worker who has physical access to the building already is what I'm talking about. That's definitely a low hanging fruit type of attack. See your boss's passwords while your pissed off, snap a picture with your phone, fuck with them later.

[–] SkyeStarfall@lemmy.blahaj.zone 5 points 1 month ago

What if the notebook gets destroyed or lost, though? That's my biggest concern here