Is using the same password everywhere really as dangerous as everyone says it is? I have a shitload of accounts all over the internet; so many that I don't actually remember them all. I lost track. I'm afraid that if one of them gets compromised, I'm completely fucked. There's no way I can remember unique passwords for each different account.
What are some good password management methods?
>>54936216
>Is using the same password everywhere really as dangerous as everyone says it is?
Yes.
>I'm afraid that if one of them gets compromised, I'm completely fucked.
that's exactly why.
>What are some good password management methods?
use a password manager. There's a bunch to choose from, local and cloud-based. They can all generate strong random passwords that you need not remember. All you have to remember is one password (the one for the manager)
>>54936273
Thanks.
Find one intro for your passwords and then use memorable second halves.
For instances
My passes
Followed by a delimiter followed by a unique password.
Mypasses$faceb00k96
Also, get a very small notebook. Back pocket small. Write your passwords in it. One hard copy. Dont lose it. Much more secure than you think unless you live in a very bad pickpocket city.
>>54936216
as long as the characters of your password are from disney, you don't have anything to worry about but the incompetence of the people you are trusting your password to.
if they store it in plain text, and get hacked, all your accounts would be fucked.
>>54936302
Is it OK to just write a bunch of different passwords down in Google Keep? Or is that not safe?
>>54936302
This. /thread
See lastpass for an example.
>>54936302
or just write your own random string generator (why are you trusting a third party app to generate and store your passwords) put them all in a text file and encrypt it.
>>54936216
>What are some good password management methods
If I ever forget my password I'll just send an email to the NSA asking if they can't help me out by looking it up for me.
>>54936216
Only if it's a weak password. If you have "ayy_lmao" as a password for all your online accounts then you should be worried. However if you have something like "&^(1ee7haXt0rbLt335onm4dick!!" then you're pretty safe across all accounts because hackers have to crack the hash of the password.
HOWEVER you can still be compromised if you have a shit service that stores your password in plain text. Then it won't matter if your password is 40 characters long. Once hackers get a hold of this password they have you by the balls.
Anyway as long as you have name brand services like google or yahoo then I wouldn't worry about it too much especially if your password is long and complex.
>>54936343
>However if you have something like "&^(1ee7haXt0rbLt335onm4dick!!" then you're pretty safe across all accounts because hackers have to crack the hash of the password.
Unless he gets malware that keylogs him while he types it, or monitors his clipboard. Then he's 100% pwned.
Encrypted .tar.gz with passwords in .txt format for each account.
Yes, It's dangerous. When DBs get leaked skids usually post them on search websites. People then use these search websites to crack passwords and gain access to your accounts.
>>54936343
>However if you have something like "&^(1ee7haXt0rbLt335onm4dick!!" then you're pretty safe across all accounts because hackers have to crack the hash of the password.
You're assuming that every site OP makes an account on is secured properly. Plain-text password storage is far from uncommon.
>>54936343
>as long as you use google or yahoo
these companies are terrible, why would you use them for anything but security purposes, and even if, people will rarely hack a really obscure secure email service like cock.li
>>54936216
Think about it. Imagine you password is written on a piece of paper and sealed in an envelop and that each site is like a person you barely know but you ask them to hold onto this envelop and to never open it and never look at it and that they should protect it from thieves that want to steal it.
- many will do this right and will securely stroe and protect your envelop
- some will straight up open your envelop and leave your password laying around for anyone to see (this is what happens when sites store your password in plain text or with weak encryption).
- some will be shady and purposely open you envelop and use it to fuck you up or sell it. (This is what happens when sites have disgruntled, compromised, or criminal employees)
- some will not give a fuck about protecting your envelop and leave the doors and window open all day and night and niggers will come in and steal it. (This is what happens when sites don't care about security, or are ignorant about security, or are too cheap or too undermanned to make security a priority)
So basically you can't ever really be sure that you can trust the site you give a password to. And if a password gets stolen at one place chances are the thief will try to use that same password on all your accounts. If you use a different password for each site you minimize the damage when a password is stolen.
