this post was submitted on 24 Dec 2024
99 points (98.1% liked)
Asklemmy
44182 readers
1560 users here now
A loosely moderated place to ask open-ended questions
Search asklemmy ๐
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- !lemmy411@lemmy.ca: a community for finding communities
~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I'm seconding Bitwarden. I'll also say that whilst self-hosting (if one can do it securely) may be more secure than using a service, security is always going to be a sliding scale trade off of convenience and security.
I recommend Bitwarden to everyone, but I'm sure there are options that are probably equally good. But most people could probably benefit from a password manager because we have so many different services demanding we make accounts that I reckon it's next to impossible for any reasonable person to avoid reusing passwords across services (that's one of the biggest security risks that hit regular people).
Start up tips: make sure your master password is strong and memorable. I found Bitwarden's password generator for this. A passphrase tends to be more memorable than an equally long password โ a good master pass phrase would have at least four words (four is sufficient for most people). Write this down in a physical place, as a backup, ideally not your wallet. it doesn't necessarily need to be locked away, just make sure you'll know where to find it if you forget it (I forgot mine a bunch at first and had to reference my backup a few times).
Password managers and security in general can feel overwhelming because of the instinct to do things properly, which might include things like self hosting a password manager, or only avoiding biometric sign-in on the phone app version rtc. However, the best password manager is one that you use, and if bits of convenience like this help, then it's a good trade off.
It reminds me of the joke about two people who see an angry Grizzly bear in the forest, which starts charging at them. One of the people starts running away, and the other shouts "Where are you going, you'll never outrun the bear". The running person replies "I don't need to outrun the bear, I just need to outrun you". That's a bad paraphrase, but the sentiment is that using a password manager at all puts you way ahead of many people, in terms of security. Obviously, you'd feel more secure if you knew you could outrun the bear, but if we spent too long being anxious about our ability to do that, we definitely will get eaten. (Apologies for such a long comment. I always do this when I'm procrastinating going to bed. I hope you have a nice Christmas, if you're celebrating that wherever you are.)