From 6727c3087307c00f39f7f618f7fb1a42326595573a57d775c2da2f7ae91a6492 Mon Sep 17 00:00:00 2001 From: Nicholas Johnson Date: Thu, 28 Apr 2022 00:00:00 +0000 Subject: Initial commit --- content/post/use-a-password-manager.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 content/post/use-a-password-manager.md (limited to 'content/post/use-a-password-manager.md') diff --git a/content/post/use-a-password-manager.md b/content/post/use-a-password-manager.md new file mode 100644 index 0000000..8fb338d --- /dev/null +++ b/content/post/use-a-password-manager.md @@ -0,0 +1,27 @@ +--- +title: "Use a Password Manager" +date: 2022-01-09T00:00:00 +draft: false +--- +It's frustrating watching normies forget their insecure passwords. I've almost come to the point of refusing helping people recover accounts of forgotten passwords unless they also let me set up a password manager for them. If I don't, it invariably ends in them forgetting or misplacing their passwords again. + +A password manager is a program that remembers your passwords for you. The main idea is there's one master password you use to access all your other passwords. If you don't use a password manager for your passwords, excluding disk encryption, then you're doing passwords wrong. + +To make the best use of a password manager, the master password should be secure[1] and you should keep a backup of your password database. You should also use two-factor authentication. Just create a dedicated password database on a separate device only for TOTP codes.[2] That will make it very difficult for an attacker to break into your accounts. + +Be sure to use a free, preferably non-networked password manager like KeepassXC[3] for desktop and KeepassDX[4] for Android. Just don't use proprietary poo like LastPass. Passage[5] seems like a good option for power users. If you need your passwords synced on multiple devices, you can use a separate file-syncing program like EteSync[6]. + +I know exactly what some people are thinking: "I just use the same/similar password for everything. It's easier!". If this is you, you need a password manager. Reusing passwords for online accounts is extremely foolish. + +Password managers put all your eggs in one secure basket, or two baskets if you're using TOTP. Password reuse is the opposite. It puts all your eggs in every basket. If even one of the sites you use is compromised, all your accounts are doomed. Don't assume it won't happen to you. + +Secure your accounts before something happens. Use a password manager. + + +Link(s): +[1: CorrectHorseBatteryStaple](https://xkcd.com/936/) +[2: TOTP Security](https://keepassxc.org/docs/#faq-security-totp) +[3: KeepassXC](https://keepassxc.org) +[4: KeepassDX](https://www.keepassdx.com/) +[5: Passage](https://github.com/FiloSottile/passage) +[6: Etesync](https://www.etesync.com) -- cgit v1.2.3