No worries, I’m going to be using password managers and writing passwords down together, but I do agree with your point though.
That just complicates things; stick to a system that’s secure and doesn’t require as much effort. Also consider your attack surface before considering switching to anything new.
Writing passwords down at your home protects you basically from anyone on the internet, but what about family members, siblings and others? If you tell me you store your passwords in a physically secure safe, with a code only you know, and that you always put the passwords in there, sure, feel free to do that, but if not, you’re just letting passwords lie around where you reside.
If you’re worried about losing access to your accounts, there are tons of things to do to back up your secrets. Do regular dumps and backups to other independent vendors or to local USBs/HDDs, but don’t go as far as writing your passwords down on physical paper because “cloud bad, paper best”.
That makes sense. I agree with all that.
But what if I lock my papers in a 5 foot thick steel vault 7 miles underground? With a bomb that goes off when someone touches the paper?
Oh, lol. Security comes at the cost of convenience, so if you have the time to go to that vault every time you want to log in, then I have nothing to say.
But, if you want to be basically just as secure, start using password managers and do backups.
Thanks for your reply.
I have a few concerns:
Is it something bad to memorize and write down your passwords?
You don’t need to keep your note on a different side of the house.
Why should you keep something in a safe? Especially a note with your passwords. You can hide it in a place like under a bedsheet.
It doesn’t take 3 hours to write down a password (for me).
Again, that doesn’t change that you need to use a password manager for that.
You can use a password manager for your work accounts. If you have many passwords, I give you a point for that.
Yes I am. I’m not scared of losing them.
I gave a reason here:
Hope you’re doing well.
I also just have my passwords ridiculously difficult to type out and that helps.
Quoting the last part:
[…] suggests that password managers are a bad idea because “there is no such thing as 100% security”. Of course there isn’t! But there doesn’t have to be to justify using a password manager; it just has to be better than not using one.
Again, all you’re doing is making things complicated for yourself. Physically writing down things takes time and good organization. Memorizing passwords is not efficient, and at least waaaay less permanent than if you were to use a good password manager.
I have thousands of accounts; if I were to manage all my passwords physically and find the correct paper note for an account every time I wanted to log in, I’d rather have “password” as my password for all websites, and just put a strong password on the email / 2FA app I’d use.
I am confused on why you’re so against password managers, but I’ll bring out two common concerns.
Security
A good password manager service will never store your passwords in plaintext on their servers. They should be encrypted with your password that only you know, but they’ll implement rate-limiting and 2FA checks to make sure you’re the right individual to access the encrypted passwords.
Accessibility / downtime / breaches
You can’t expect the service providers to do everything on their own; you need to help. If you’re so worried about losing all your secrets, take regular backups of your secrets and store them in a secure location.
Worried about breaches? Refer to my point above regarding security. All your secrets are encrypted with your password. Do they have the time to decrypt every single user’s password with insanely powerful and expensive machines? Maybe, maybe not.
Why on earth would you want to memorize your passwords?
If you can remember your password and you’re a big developer, then your account could be at risk of brute-forcing. My password is over 80 characters long, and how is using a password-saving service bad? They are designed to keep your passwords safe. If they had low security no one would use them.
This is harmful advice. Encouraging people to memorize all their passwords also encourages them to re-use passwords, use less secure passwords, etc. You should use a secure password manager such as https://1password.com/ or https://keepass.info/
This is true, but people can remember a lot of things easily. How do you do 2-digit multiplication? What is the formula for kinetic energy? What is the electronic structure of boron? We can remember all of this, so we can probably remember passwords easily. At least, that’s what I do.
Plus, password managers are at risk of breaches, and there’s little you can do. Brain breach? Impossible.
Any password manager worth its salt is not going to store users’ information in any way that would make a breach a serious risk. It’s extremely likely that your passwords kept on these sites are encrypted, so even the people with access to them can’t know your actual password, just the hidden version of it.
This is absolutely possible and happens all the time. It’s one of the top reasons breaches at large corporations happen. For example: <Person that does not work at Company> is pretending to be a security consultant for Company, who knows exactly what to say to the desk receptionist in order to get into the server room. From there, he plugs in a USB and steals company information and walks out the front door. No “hacking” required.
See here: Social engineering (security) - Wikipedia
Keepass and a 5 dollar wrench would like to invert this statement.
Relevant XKCD: xkcd: Security
The advice from any reputable authority on this is clear: use a password manager. For your manager, use a passphrase.
What prevents the attackers from using the $5 wrench to get the password manager password if they plan to use that attack anyway??
Btw, don’t write passwords down.
Password manager > Written down
But like, how would you have a different complex password for 200 plus logins all in your brain? And 1Password is very secure as long as you’re not an idiot and install malware.
Yeah, why would you not do it anyway? Even if you don’t have siblings etc.
Thanks @Thuliiii, my password would somehow take “18 NOVEMDECILLION YEARS” from this website… https://howsecureismypassword.net/
That is very very incorrect. It’s still an insanely huge thing (but yes 2fa helps)
Instead of removing a verification strategy, use a Google Voice number. If someone SIM swaps you they don’t get your Google Voice number, so it’s a safer bet.
Signing out of all sessions also resets your cookies, which means if you were cookie logged you could get your account back.
I’ve been hacked once, and if I didn’t have a pin I would have lost my account.
Now, even though password choice must be decent, using a 60 char password doesn’t actually add any security to your account. Most hacks are going to be cookie logging, or something related.
To avoid getting malware/ransomware on your computer, don’t click on any links you don’t use regularly. Also, scan your computer for viruses at least once a week.
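The “sign out of all sessions” effect described in the post above, as an added example that is not code from the thread or from any real service: each cookie is signed and bound to a per-user session epoch, and bumping the epoch invalidates every cookie issued before it, including a copy lifted from the browser. All names are assumed, the server secret in the test is a constructed value, and user IDs are assumed to contain no ':'.

```go
package main
import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"strconv"
	"strings"
)

// SessionStore issues signed cookies of the form user:epoch:mac and keeps one epoch
// per user; "sign out of all sessions" bumps it, so every cookie issued earlier,
// including a stolen copy, stops validating. Assumes user IDs contain no ':'.
type SessionStore struct {
	secret []byte            // server-side HMAC key (constructed in the test)
	epoch  map[string]uint64 // current session generation per user
}
func NewSessionStore(secret []byte) *SessionStore {
	return &SessionStore{secret: secret, epoch: map[string]uint64{}}
}
func (s *SessionStore) sign(body string) string {
	mac := hmac.New(sha256.New, s.secret)
	mac.Write([]byte(body))
	return hex.EncodeToString(mac.Sum(nil))
}
// Issue creates a cookie bound to the user's current epoch (called at login).
func (s *SessionStore) Issue(user string) string {
	body := user + ":" + strconv.FormatUint(s.epoch[user], 10)
	return body + ":" + s.sign(body)
}
// Validate accepts a cookie only if its signature is intact and its epoch is current.
func (s *SessionStore) Validate(cookie string) (string, bool) {
	parts := strings.Split(cookie, ":")
	if len(parts) != 3 {
		return "", false
	}
	body := parts[0] + ":" + parts[1]
	if !hmac.Equal([]byte(parts[2]), []byte(s.sign(body))) {
		return "", false
	}
	e, err := strconv.ParseUint(parts[1], 10, 64)
	if err != nil || e != s.epoch[parts[0]] {
		return "", false
	}
	return parts[0], true
}

// SignOutEverywhere invalidates every existing cookie for the user in one step.
func (s *SessionStore) SignOutEverywhere(user string) {
	s.epoch[user]++
}
```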
Thank you, I use 3 layered security thanks to your advice: (1) Password, no password manager saving (2) 2FA (3) Parental PIN