this post was submitted on 26 Apr 2024
16 points (100.0% liked)

Pulse of Truth

1702 readers
125 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 2 years ago
MODERATORS
krogoth
16
Most people still rely on memory or pen and paper for password management (www.helpnetsecurity.com)
submitted 2 years ago by lemmydev2 to c/pulse_of_truth
10 comments fedilink hide all child comments
 

Bitwarden surveyed 2,400 individuals from the US, UK, Australia, France, Germany, and Japan to investigate current user password practices. The survey shows that 25% of respondents globally reuse passwords across 11-20+ accounts, and 36% admit to using personal information in their credentials publicly accessible on social media (60%) platforms and online forums (30%). These practices reveal a significant gap between recommended security practices and actual user behavior, highlighting how weak password habits and password reuse … More → The post Most people still rely on memory or pen and paper for password management appeared first on Help Net Security.

top 10 comments
sorted by: hot top controversial new old
[–] NaibofTabr 11 points 2 years ago

If you're writing down your passwords for personal use, and you keep them collected in a notebook or something you're fine. If a bad guy has broken in to your home where they would have physical access to your notebook, then you have much bigger security problems than having your passwords compromised. Keeping a physical notebook of passwords would be much safer than keeping them in a file on your computer.

Password reuse is a much bigger security problem than writing your passwords down.

[–] sexy_peach@beehaw.org 4 points 2 years ago (1 children)

Replying on pen and paper is a very secure method to handle your passwords.

[–] GiveOver@feddit.uk 4 points 2 years ago

Until they take a photo so they can have them on their phone

[–] Aussiemandeus@aussie.zone 2 points 2 years ago (1 children)

Not me, I'm dumb make up all my passwords.

Then I write them into a note file on my phone locked behind another password.

I'm sure it's not safe

[–] BatrickPateman@lemmy.world 5 points 2 years ago (1 children)

You are close though. Get a real password manager and you have them saved plus more security, and convenience on top when entering them in apps etc.

[–] Aussiemandeus@aussie.zone 3 points 2 years ago (2 children)

Yeah I just don't trust a password manager entirely. They get hacked and it's done.

Same as the service where they supposedly requeste all your private information be removed so you don't get scam calls and emails etc anymore.

Probablem with that is its subscription and when you finish paying the subscription I'm sure they would sign you back up

[–] BatrickPateman@lemmy.world 7 points 2 years ago

Besides there being trustworthy ones, there is also the option to selfhost one and only expose the service to the WiFi. E. g. Bitwarden. Means you can only sync at home, but still better than a bloody text file.

Or use Keepass for a filebased vault and sync that with Syncthing. With browser addons and autotype it is still way better than copy and pasting passwords from a file, using the clipboard.

[–] Renegade 1 points 2 years ago

I second keepass. It's running in at least half the secure environments we all rely on anyway.

[–] _lilith@lemmy.world 1 points 2 years ago (1 children)

Jokes on you I just punch in shit at random and reset them every time

[–] NaibofTabr 1 points 2 years ago

Nothing wrong with this as long as you're using a reasonably secure email service for the account recovery. All of those other accounts are only as secure as the recovery process anyway.