this post was submitted on 26 Apr 2024
16 points (100.0% liked)

Pulse of Truth


Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and won't be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.


Bitwarden surveyed 2,400 individuals from the US, UK, Australia, France, Germany, and Japan to investigate current user password practices. The survey shows that 25% of respondents globally reuse passwords across 11-20+ accounts, and 36% admit to using personal information in their credentials publicly accessible on social media (60%) platforms and online forums (30%). These practices reveal a significant gap between recommended security practices and actual user behavior, highlighting how weak password habits and password reuse …

The post "Most people still rely on memory or pen and paper for password management" appeared first on Help Net Security.

top 10 comments
[–] NaibofTabr 11 points 1 year ago

If you're writing down your passwords for personal use, and you keep them collected in a notebook or something, you're fine. If a bad guy has broken into your home where they would have physical access to your notebook, then you have much bigger security problems than having your passwords compromised. Keeping a physical notebook of passwords would be much safer than keeping them in a file on your computer.

Password reuse is a much bigger security problem than writing your passwords down.

[–] sexy_peach@beehaw.org 4 points 1 year ago (1 children)

Relying on pen and paper is a very secure method to handle your passwords.

[–] GiveOver@feddit.uk 4 points 1 year ago

Until they take a photo so they can have them on their phone.

[–] Aussiemandeus@aussie.zone 2 points 1 year ago (1 children)

Not me, I'm dumb, I make up all my passwords.

Then I write them into a note file on my phone locked behind another password.

I'm sure it's not safe.

[–] BatrickPateman@lemmy.world 5 points 1 year ago (1 children)

You are close though. Get a real password manager and you have them saved plus more security, and convenience on top when entering them in apps etc.

[–] Aussiemandeus@aussie.zone 3 points 1 year ago (2 children)

Yeah I just don't trust a password manager entirely. They get hacked and it's done.

Same as the service where they supposedly request all your private information be removed so you don't get scam calls and emails etc. anymore.

Problem with that is it's subscription, and when you finish paying the subscription I'm sure they would sign you back up.

[–] BatrickPateman@lemmy.world 7 points 1 year ago

Besides there being trustworthy ones, there is also the option to self-host one and only expose the service to the WiFi, e.g. Bitwarden. Means you can only sync at home, but still better than a bloody text file.

Or use KeePass for a file-based vault and sync that with Syncthing. With browser addons and autotype it is still way better than copying and pasting passwords from a file, using the clipboard.

[–] Renegade 1 points 1 year ago

I second KeePass. It's running in at least half the secure environments we all rely on anyway.

[–] _lilith@lemmy.world 1 points 1 year ago (1 children)

Joke's on you, I just punch in shit at random and reset them every time.

[–] NaibofTabr 1 points 1 year ago

Nothing wrong with this as long as you're using a reasonably secure email service for the account recovery. All of those other accounts are only as secure as the recovery process anyway.