this post was submitted on 06 Dec 2023
151 points (96.9% liked)

[Outdated, please look at pinned post] Casual Conversation

6576 readers
1 users here now

Share a story, ask a question, or start a conversation about (almost) anything you desire. Maybe you'll make some friends in the process.

RULES

Related discussion-focused communities

founded 2 years ago
MODERATORS
Mysterious_Macaxeira@lemmy.world
shinigamiookamiryuu@lemm.ee
Bl4ze@lemmy.world
KaneLivesInDeath@lemmy.world
orangeNgreen@lemmy.world
neidu2@feddit.nl
151
Any company that still insists on forced password resets and frequent changes needs to learn about Social Engineering and Human Factors. (yiffit.net)
submitted 1 year ago by l_b_i@yiffit.net to c/casualconversation@lemmy.world
61 comments fedilink hide all child comments
 

These are the same companies that don't support second factors, only have their app as a second factor, or only SMS second factor. Is it too much to ask for smart card or token (yubikey) support?

you are viewing a single comment's thread
view the rest of the comments
[–] droning_in_my_ears@lemmy.world 46 points 1 year ago (5 children)

I hate that stuff. Also websites that have lots of specific conditions for what a password contains. You're just increasing the likelihood of me forgetting it.

[–] Echo5@lemmy.world 15 points 1 year ago

I started using a password manager for a lot of my passwords. Works pretty well, it’ll generate criteria matching passwords for me. Also functions as a list of websites I’ve created accounts with.

[–] Bwaz@lemmy.world 13 points 1 year ago (1 children)

Forgetting it?? All you have to do is scribble it on a little slip of paper in your top drawer like 90% of people do. Very secure.

[–] BastingChemina@slrpnk.net 3 points 1 year ago (1 children)

Top drawer ! I think you it's still more secure than most of my colleagues. It's usually a post it on the monitor.

[–] bouh@lemmy.world 1 points 1 year ago

Post it on the monitor is for session password. For the 5 others, there is a txt file on the desktop!

[–] l_b_i@yiffit.net 11 points 1 year ago

And if you don't forget it, you'll use a simple one that's easy to guess or contains common substitutions, p@$$w0rd!. And then when you do forget it you'll call support who will reset it, and they get so many calls it will make taking over another account easier.

[–] DABDA@lemmy.world 8 points 1 year ago (1 children)

In case you haven't already seen it yet there's The Password Game to drive this point home

[–] l_b_i@yiffit.net 3 points 1 year ago

I don't think I've gotten past finding the correct length video. Getting that to work with everything else and keeping what's his face alive is just too much.

[–] iAmTheTot@kbin.social 3 points 1 year ago (2 children)

Use a password manager my guy

[–] thedirtyknapkin@lemmy.world 1 points 1 year ago* (last edited 1 year ago) (1 children)

on a work computer?

[–] Darkassassin07@lemmy.ca 1 points 1 year ago

You can use the manager on your phone to display the password you're having a hard time remembering sonyou can manually type it in, while still keeping it stored securely instead of just a plain text note on your phone.

You can also login to your password manager via web browser to copy/paste between it and login pages. Wouldn't be my choice, but it's an option. (not gonna enter my password vaults details on a work computer unless that vault only contains work logins.)

[–] droning_in_my_ears@lemmy.world 1 points 1 year ago (2 children)

I don't trust them.

[–] Darkassassin07@lemmy.ca 1 points 1 year ago* (last edited 1 year ago)

I didn't either, so I self-host mine via vaultwarden. My passwords never leave my own systems (unless being used to login ofc), except for transit between my server and client devices. That is encrypted before storage or flight then wrapped in tls for https and again for a vpn connection (also self-hosted).

[–] Blaze@discuss.tchncs.de 1 points 1 year ago

Even locally? https://keepassxc.org/ can be an option