this post was submitted on 24 Dec 2024
95 points (98.0% liked)

Asklemmy

44160 readers
1539 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS
 

Thought about it, snce it's near New Year's.

In my opinion, exercising/training/stretching atleast once a week would be a good thing for most people.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] absGeekNZ@lemmy.nz 49 points 3 days ago (1 children)

Just use a password manager, FFS it makes all of your online interactions safer.

Once setup, it is easier than not using one.

[โ€“] Achyu@lemmy.sdf.org 9 points 3 days ago* (last edited 3 days ago) (5 children)

Which app would you recommend/suggest?

[โ€“] deczzz@lemmy.dbzer0.com 4 points 2 days ago (1 children)

Have used LastPass before it was shit, self hosted bitwarden and KeePass synced with nextcloud (whatever cloud service works). I ended up using KeePass with nextcloud and set KeePass to automatically save changes. Use it on Android with KeePassDX that also includes auto fill across apps. KeePass doesn't require much setup whereas you need to setup server with bitwarden. Also had some weird sync errors with bitwarden. Having said that, bitwarden is a great piece of software.

[โ€“] stinky@redlemmy.com 1 points 1 day ago (2 children)

Doesn't hosting your password database in the cloud make it vulnerable to cracking? If it transmits across a network, then an ISP (at the very least; this assumes no malicious actors) will have seen it, and you can no longer be certain no one else has access to it.

[โ€“] deczzz@lemmy.dbzer0.com 1 points 1 day ago

Yes it does but it's a chance that I'm willing to take as I find it extremely u likely to happen. And if it happens all my important logins requires 2FA/TOTP anyway. I put my trust in encryption. You can use syncting to keep it all local if you want to avoid transmission over the web.

[โ€“] Baguette@lemm.ee 1 points 1 day ago

https://bitwarden.com/help/what-encryption-is-used/

I don't know about other password managers, but Bitwarden handles your password pretty well. Of course, if someone has access to your local machine, then it'd fail, but at that point everything is compromised.

[โ€“] CybranM@feddit.nu 3 points 2 days ago

KeePass is open source and is easy to sync via whatever service you use, Google Drive, Dropbox, OneDrive or something.

[โ€“] otterpop@lemmy.world 28 points 3 days ago

Bitwarden is the best in my opinion

I'm seconding Bitwarden. I'll also say that whilst self-hosting (if one can do it securely) may be more secure than using a service, security is always going to be a sliding scale trade off of convenience and security.

I recommend Bitwarden to everyone, but I'm sure there are options that are probably equally good. But most people could probably benefit from a password manager because we have so many different services demanding we make accounts that I reckon it's next to impossible for any reasonable person to avoid reusing passwords across services (that's one of the biggest security risks that hit regular people).

Start up tips: make sure your master password is strong and memorable. I found Bitwarden's password generator for this. A passphrase tends to be more memorable than an equally long password โ€” a good master pass phrase would have at least four words (four is sufficient for most people). Write this down in a physical place, as a backup, ideally not your wallet. it doesn't necessarily need to be locked away, just make sure you'll know where to find it if you forget it (I forgot mine a bunch at first and had to reference my backup a few times).

Password managers and security in general can feel overwhelming because of the instinct to do things properly, which might include things like self hosting a password manager, or only avoiding biometric sign-in on the phone app version rtc. However, the best password manager is one that you use, and if bits of convenience like this help, then it's a good trade off.

It reminds me of the joke about two people who see an angry Grizzly bear in the forest, which starts charging at them. One of the people starts running away, and the other shouts "Where are you going, you'll never outrun the bear". The running person replies "I don't need to outrun the bear, I just need to outrun you". That's a bad paraphrase, but the sentiment is that using a password manager at all puts you way ahead of many people, in terms of security. Obviously, you'd feel more secure if you knew you could outrun the bear, but if we spent too long being anxious about our ability to do that, we definitely will get eaten. (Apologies for such a long comment. I always do this when I'm procrastinating going to bed. I hope you have a nice Christmas, if you're celebrating that wherever you are.)

[โ€“] absGeekNZ@lemmy.nz 14 points 3 days ago

I use keepass XC, and keep it up to date on all my devices using syncthing.

I have considered bitwarden with self hosting, but keepass had always worked well.