Welcome to the droidymcdroidface-iest, Lemmyest (Lemmiest), test, bestest, phoniest, pluckiest, snarkiest, and spiciest Android community on Lemmy (Do not respond)! Here you can participate in amazing discussions and events relating to all things Android.
The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:
1. All posts must be relevant to Android devices/operating system.
2. Posts cannot be illegal or NSFW material.
3. No spam, self promotion, or upvote farming. Sources engaging in these behavior will be added to the Blacklist.
4. Non-whitelisted bots will be banned.
5. Engage respectfully: Harassment, flamebaiting, bad faith engagement, or agenda posting will result in your posts being removed. Excessive violations will result in temporary or permanent ban, depending on severity.
6. Memes are not allowed to be posts, but are allowed in the comments.
7. Posts from clickbait sources are heavily discouraged. Please de-clickbait titles if it needs to be submitted.
8. Submission statements of any length composed of your own thoughts inside the post text field are mandatory for any microblog posts, and are optional but recommended for article/image/video posts.
Community Resources:
We are Android girls*,
In our Lemmy.world.
The back is plastic,
It's fantastic.
*Well, not just girls: people of all gender identities are welcomed here.
Our Partner Communities:
They're much more than passwords managers nowadays, they're secrets managers. You can't store sensitive info like passport info, insurance cards, etc in a way that you know is safe if you make sure to use a unique and strong password as well as 2FA.
I don't use a PM because I'm too paranoid about losing access to it (hardware failure, file corruption), thus losing access to all accounts it protects. I end up writing down my passwords on paper. Not the full thing, just a personal reminder.
The real irony is that an "easily stolen" piece of paper is safer than anything i leave on my computer or phone
I finally committed myself to getting BitWarden set up, maybe a year ago. I wish I had done it sooner. I use it to generate all my passwords, and I have it installed on my phone and desktop. I love remembering only one password and knowing all my other passwords are secure. For me it's a no-brainer.
Ive used 1password since almost the beginning. Cant say I have any complaints at all!
A shame I haven't seen Passwordstore (pass) here. Simple, transparent, and to the point, with great extensibility to boot. It also interacts with git allowing you to version track your own storage, which is a huge plus for me since I use git daily.
On other choices, I think the largest point you should consider for a password manager is the ability to self-host your own instance. Opensourced server code is the next best thing. In security, human trust should never be trusted, and even if the company is not lazy and malignant about your data, bundling up a lot of them create obvious larger targets for potential hackers, and you have higher chance of getting the collateral damage than localized ones.
I recommend one. Try to get one without a subscription. I bought the pro version of Enpass before they put up a subscription wall, and I've been riding that one ever since.
1Password all the way. Holds my passwords and all of my 2FA codes. I understand it’s a single point of failure but I’m comfortable with their architecture and I don’t feel like self hosting stuff.
I have proton subscription for mail, vpn the works. Just switched to Proton Pass and very happy. Auto creates alias emails on signups so my real email is not out there.
Yes. 1Password. If and when they fuck up, I'm going self-hosted.
Definitely recommend using one. Don't have a preference for any particular one, I use Google's for simplicity sake. But unless you have a complicated system that allows you to have different passwords for every online service (or maybe if you have a great memory) it's simply more secure to use a password manager. Most sites have emails as logins, and if you reuse the same email/password combination you're just asking for trouble for when one day one of those sites get hacked, your password is sold, and someone spams your combo across all popular services and somehow ends up in your bank.
I really like bitwarden personally. Its open source and works pretty well for my needs
I appreciate Enpass because it allows me to decide where my data is stored while simultaneously synchronizing across all my devices. It's quite impressive. Now, they have incorporated Wi-Fi sync, which eliminates the need for cloud-based synchronization.
KeePassX(C?) both on Windows and Linux. I used the windows version KeePass2 but there was a recent security vulnerability in it so I switched to KeePassX. Maybe it's already patched... auto-type doesn't seem to work in KeePassX on Windows so I might switch back but it's not that critical.
Absolutely worth it. It's the only way to actually adhere to password best practices.
What are my thoughts on a password manager?
I think it’s both a good thing, and a crutch. I feel the fact that most services are rendered unusable without an account is sad, and with the 100’s of accounts one is expected to have a password manager is sadly needed if you can’t memorize a password or can make passwords with a consistent pass phrase.
Do I use one?
Nope, I have a password system which is good enough for most accounts that’s always more than 7 character long and unique for each account without being lost to me. The only time it has failed as when my work decided to have us change our passwords every quarter, and I ran out of password ideas.
There are a lot of people recommending a very specific program in this thread. Be skeptical, everyone. Do your research on the strengths and weaknesses of these types of tools, and the specific offerings of all current leading services.
I've been using Microsoft authenticator for work, and since it was there I also started using it for my personal accounts and passwords as well. It works well enough, never had any issues.