From f46de752e0139dd2b09a65eeeaf85ddf5dc98fe49c83d85d5d9ea39252c69619 Mon Sep 17 00:00:00 2001 From: Nicholas Johnson Date: Wed, 15 Feb 2023 00:00:00 +0000 Subject: Convert refs: use-a-password-manager --- content/entry/use-a-password-manager.md | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/content/entry/use-a-password-manager.md b/content/entry/use-a-password-manager.md index 417bd83..762e49f 100644 --- a/content/entry/use-a-password-manager.md +++ b/content/entry/use-a-password-manager.md @@ -2,27 +2,17 @@ title: "Use a Password Manager" date: 2022-01-09T00:00:00 draft: false -makerefs: false --- It's frustrating watching normies forget their insecure passwords. I've almost come to the point of refusing helping people recover accounts of forgotten passwords unless they also let me set up a password manager for them. If I don't, it invariably ends in them forgetting or misplacing their passwords again. A password manager is a program that remembers your passwords for you. The main idea is there's one master password you use to access all your other passwords. If you don't use a password manager for your passwords, excluding disk encryption, then you're doing passwords wrong. -To make the best use of a password manager, the master password should be secure[1] and you should keep a backup of your password database. You should also use two-factor authentication. Just create a dedicated password database on a separate device only for TOTP codes.[2] That will make it very difficult for an attacker to break into your accounts. +To make the best use of a password manager, [the master password should be secure](https://xkcd.com/936/) and you should keep a backup of your password database. You should also use two-factor authentication. Just create a dedicated password database on a separate device only for [TOTP codes](https://keepassxc.org/docs/#faq-security-totp). That will make it very difficult for an attacker to break into your accounts. -Be sure to use a free, preferably non-networked password manager like KeepassXC[3] for desktop and KeepassDX[4] for Android. Just don't use proprietary poo like LastPass. Passage[5] seems like a good option for power users. If you need your passwords synced on multiple devices, you can use a separate file-syncing program like EteSync[6]. +Be sure to use a free, preferably non-networked password manager like [KeepassXC](https://keepassxc.org) for desktop and [KeepassDX](https://www.keepassdx.com/) for Android. Just don't use proprietary poo like LastPass. [Passage](https://github.com/FiloSottile/passage) seems like a good option for power users. If you need your passwords synced on multiple devices, you can use a separate file-syncing program like [EteSync](https://www.etesync.com). I know exactly what some people are thinking: "I just use the same/similar password for everything. It's easier!". If this is you, you need a password manager. Reusing passwords for online accounts is extremely foolish. Password managers put all your eggs in one secure basket, or two baskets if you're using TOTP. Password reuse is the opposite. It puts all your eggs in every basket. If even one of the sites you use is compromised, all your accounts are doomed. Don't assume it won't happen to you. Secure your accounts before something happens. Use a password manager. - - -Link(s): -[1: CorrectHorseBatteryStaple](https://xkcd.com/936/) -[2: TOTP Security](https://keepassxc.org/docs/#faq-security-totp) -[3: KeepassXC](https://keepassxc.org) -[4: KeepassDX](https://www.keepassdx.com/) -[5: Passage](https://github.com/FiloSottile/passage) -[6: Etesync](https://www.etesync.com) -- cgit v1.2.3