How secure is your Mac? Best to be safe. Although iCloud keychain is safe, if it gets hacked then gg. That’s why I recommended the “brain” storage method instead.
1 Like
For those who are serious about security, I strongly recommend giving a read on this topic instead:
This post is unfortunately misleading.
3 Likes
no, sign out of all sessions works by invalidating all roblosecurities and making a new one
1 Like
i think password managers can be hacked easier than brains
NEVER trust online password managers, NEVER. Use something permanent like a piece of paper or a note to store your passwords on it and remember to hide it.
1 Like
That sounds a bit dramatic. I use LastPass, and I’m fine.
Not possible, I was being hacked live in March of this year. The hacker started to sell all my limiteds for cheap prices and I keep signing out of sessions. But he kept coming back in. Only when I changed my password, the roblosecurity he got stopped working.
It’s not vulnerable by my actions, meaning I never do stupid stuff on my Mac and make it vulnerable.
An online password manager is okay, but they’re not permanent. If you store your passwords on a cloud, you can lose your password for some time due to outage or even breach. If you store your passwords locally, you can lose them due to viruses on your PC. It’s better to keep them where you’ll not lose them.
1 Like
Ah, okay. Maybe I should start writing down passwords and keep them safe. 
1 Like
sigh
Please, before telling people not to use password manages, explain why.
Here are some starter issues with not using password manages, whether they’re online or not:
- Memorizing/writing down all of your passwords for all of your websites
- If your memory fails, or you forgot where you wrote your passwords, you can’t access your accounts
- Authorizing yourself to get access to the passwords; when you have written down your passwords, you don’t have a log of who accessed them. You can keep them in a safe, but it’s easier to crack into a physical safe than it is to crack your encrypted passwords with the key only you know, by an algorithm security experts have created.
- It takes time to write down your new passwords, and type them into forms instead of just selecting the field & pasting.
- Recommended practice is to change passwords for your accounts at least once every year
- If any of your emails/passwords are detected and found pwned, you should update your credentials ASAP. This is extremely unintuitive to do without a password manager that automatically checks and alerts you, you have to do this manully.
- Password management becomes a hell, and are you really more secure by doing it physically?
4 Likes
No worries, I’m going to be using password managers and writing passwords down together, but I do agree with your point though.
That just complicates things, stick to a system that’s secure and doesn’t require as much effort. And also consider your attack surface before considering switching to anything new.
Writing passwords down at your home protects you basically from anyone on the internet, but what about family members, siblings and others? If you tell me you store your passwords in a physically safe safe, with a code only you know, and that you always put the passwords in there, sure, feel free to do that, but if not, you’re just letting passwords lie where you reside.
If you’re worried about losing access to your accounts, there are tons of things to do to backup your secrets. Do regular dumps and backups to other independent vendors or to local USBs/HDDs, but don’t go as far as writing your passwords down on physical paper because “cloud bad, paper best”.
That makes sense. I agree with all that.
But what if I lock my papers in a 5 foot thick steel vault 7 miles underground? With a bomb that goes off when someone touches the paper?
2 Likes
Oh, lol. Security goes on the cost of convenience, so if you have the time to go to that vault every time you want to log in, then I have nothing to say.
But, if you want to be basically just as secure, start using password managers and do backups.
1 Like
Thanks for your reply.
I have a few concerns:
Is it something bad to memorize and write down your passwords?
You don’t need to keep your note on a different side of the house.
Why should you keep something in a safe? Especially a note with your passwords. You can hide it in a place like under a bedsheet.
It doesn’t take 3 hours to write down a password (for me).
Again, that doesn’t change that you need to use a password manager for that.
You can use a password manager for your work accounts. If you have many passwords, I give you a point for that.
Yes I am. I’m not scared of losing them.
I gave a reason here:
Hope you’re doing well.
I also just have my passwords ridiculously difficult to type out and that helps.
1 Like
Quoting the last part:
[…] suggests that password managers are a bad idea because “there is no such thing as 100% security”. Of course there isn’t! But there doesn’t have to be to justify using a password manager , it just has to be better than not using one.
Again, all you’re doing is making things complicated for yourself. Physically writing down things takes time and good organization. Memorizing passwords is not efficient, and at least waaaay less permanent than if you were to use a good password manager.
I have thousands of accounts, if I were to manage all my passwords physically and find each correct paper note for an account every time I wanted to log in, I’d rather have “password” as my password for all websites, and just put a strong password on the email / 2FA app I’d use.
I am confused on why you’re so against password managers, but I’ll bring out two common concerns.
Security
A good password manager service will never store your passwords in plain-text on their servers. It should be encrypted with your password that only you know, but they’ll implement rate-limiting and 2FA checks to make sure you’re the right individual to access the encrypted passwords.
Accessbility / downtime / breaches
You can’t expect the service providers to do everything on their own, you need to help. If you’re so worried about losing all your secrets, take regular backups of your secret and store them in a secure location.
Worried about breaches? Refer to my point above regarding security. All your secrets are encrypted with your password. Do they have the time to decrypt every single user’s password with insanely powerful and expensive machines? Maybe, maybe not.
5 Likes
Why on earth would you want to memorize your passwords?
If you can remember your password and you’re a big developer then your account could be at risk for brute-forcing. My password is over 80 characters long, and how is using a password-saving service bad? They are designed to keep your passwords safe. If they were to have low security no one would use them.
This is harmful advice. Encouraging people to memorize all their passwords also encourages them re-use passwords, use less secure passwords, etc. You should use a secure password manager such as https://1password.com/ or https://keepass.info/
3 Likes