Better to fix that than losing thousands of dollars to a hacker.

@Matthew Harrup whatever works is the best way.

That's why every site, at least every one I can remember having set up 2FA on, gives you a bunch of one-time use emergency passwords as a backup. Plop those into your password manager and have no worries.

NOT really. Its very easy to bypass.

That's why they give you back up codes that you can put in a secret drawer or hiding place

Thank u brother for sending me ur moms number my G 👊🏽

Lies again? Fail Security

@@NazriB Firstly your commentary is so interesting and deeply informative, thanks for sharing your thoughts! Secondly, you and Donie could totally be brothers. You guys look, literally, exactly alike!

I got tricked into giving access to my Google. usually wouldn't happen but I was busy/distracted when it happened. That gave them access to content of my entire password manager!

What are you talking about dude... My grandma uses Gentoo Linux with LUKS encryption and KeePass XC. Noobs.

Social engineering is an awareness issue it doesn’t take away from the overall benefits of using a password manager

Legislators are ignorant about this, will only make things worse. The problem can't be addressed only by legislation. For example, if you used an easy to guess password, who should be held accountable exactly? You? You can prevent some hacking but not all. The solution is technical, but requires industry wide adoption and for users to cooperate.

DON'T TELL ANYONE YOUR PASSWORD.

@UCyzWZ2e8Y0Hv4ADREMeunOQ everything gets “hacked”. Good security though involves the company storing your information in an encrypted way. Because of that even the password manager’s company doesn’t know your password, only your master password is able to decrypt it. If they get breached then they will usually tell you to change your master password as a precautionary measure even though it’s highly unlikely a hacker could do anything with the information they stole.

@@mborows2 I’m not entirely sure of the point you’re trying to make, but it really comes down to math. With 12 characters you’ve got decent protection. 16 is a pretty solid lower limit for some future proofing. The reason we don’t usually recommend more is that some websites limit you to something like 20 characters max, or even dumber a site will only take 72 characters max and not tell you that they truncated your password. The issue of salting and how the hashes are handled are on the password manager and the company you’re interacting with. Bitwarden is open source and security audited so we know what they setup is for storage and encryption.

Nope, not remotely. Use the SAME for everything, never let anyone see hear or have it, not anything but a legitimate login screen, NEVER 2FA, that shit is the MOST annoying thing on the planet because shit happens and people get new phones, but 2FA don't care, either you have the old phone to verify with, or you make a new account, ALWAYS use a VPN to protect your data, and client side, use MalwareBytes to protect from key loggers and trojans. The fact that people actually do what you're suggesting is so "excessive extra steps" it's dumb.

Bitwarden huh.... If LastPass wasn't greedy as hell .. they could have getting the recommendation.

dehashed is the site

@@jeanyvestheriault8362 You need a password to get into dehashed in order to find out if your password has been compromised #LogicBomb

Wow. Your browser is not very secure. Never let the browser save passwords. Use a password manager. Update: use a password manager that does not save your info online or in THEIR database or that connects to your database on your computer. A password manager that you download and keep on your computer. The devs never access it. The whole idea is to keep your private info PRIVATE. Seemed obvious when I wrote this but now I wonder because people are pretty stupid. There was recently an incident where hackers accessed lots of people's password databases BECAUSE THEY WERE ALL ONLINE. Holy shit. Think. THINK. Does it seem stupid to put all your passwords online? That's because it is.

How could your email service email you a security code to get into your email though? Gotta have a password somewhere.

Using an email security code instead of a password is not more secure. It only means that the attacker needs to hack into your email instead of that "no password" website. Once they do that, they can log into any websites that are secured only by an email code. Of course, once they crack your email, they can probably reset your password on most websites as well.

Not many articles about password safety mention them. Probably because they don't offer money for referrals. Everything is for sale, especially information.

having one company get all the passwords? ok

@@elmosweed4985 I use lastpass. I also have an "Open this when I'm dead" file which directs people to an envelope containing the master password.

@@elmosweed4985 Bitwarden is great and free. I recommend a 5 or 6 word random passPHRASE as the master password.

I still believe technology is flawed and anybody can get into anything if they want to the veil can always be pierced!! I am old fashion and I still like to write things down and have them tucked away where nobody can find them. If it’s on a password manager who’s to say it cannot be found? Makes no sense to me it’s the same as hacking a password.

Use a specialised password manager like Bitwarden, 1Password or KeePassXC. Their websites give detailed explanations of how they keep your passwords secure.

JOE PUTS A BREAK DOWN IN AMERICA

Just add a letter at the end: 1234a 😁

wow, I've got the same combination on my luggage.

In theory, yes. But the password manager you use is not directly connected to the internet which means the bad guys need to have physical access to your computer where the manager is stored. And for that they need to break in to your house, then have some way of knowing the password to your computer itself, and then know the password to the passwordmanager. Assuming you are not a high value target that's too much work for too little. Unless you are a politician, celebrity or otherwise a person of interest, or are being harassed, a hacker has little to gain from hacking you. It is a matter of threat evaluation. I'm guessing the locks on your house are good but not Fort Knox quality. They don't have to be, people who would see a normal house as a target would be deterred by normal good security. It is the same with computers.

In my previous reply I hadn't realized people use password managers on the internet. Those are a bit less safe because they are in the public domain and therefore easily accessable. That removes the physical access hurdle to the hackers. Then again, if you use a well designed password specific to the password manager and 2-factor authentication, it is better then nothing. Again it is a matter of making it too much work to hack your password manager, to be worth it.

Yes, they are a high value target and they have been attacked a few times (for example LastPass) but users’ password databases have never been breached due to the way their security is designed.

The less money you have, the more important every penny is to you. Also, do you have decent credit? That's also worth protecting.

Better password managers encrypt your info before it ever leaves your device.

Password managers give detailed explanations on their websites of how they secure your passwords.

How do you remember all of them?

@@avarmauk Write them on a piece of paper and keep it safe somewhere

@@avarmauk I have them written down. I love alone and have them on the house somewhere.

@@Steve30x 2FA can easily be bypassed.

@@Steve30x Love alone? Stop worrying about passwords and go socialize.

Password managers can be accessed online. Hardware failure or theft not an issue because it is encrypted locally. Just get on new device and log into your manager

Keep an encrypted backup of all your passwords in a few places. Even if your password manager disappears online, you'd still have them all.

You could also use an offline password manager like KeePassXC, which means that it doesn’t store your passwords online, they remain on your device.

@@hoopoe_ I worry about my device being compromised/hacked, which is why I use the removable drive

@@aulii11 I don’t know if KeePassXC can be installed on a thumb drive but it is certainly encrypted. If you use a spreadsheet, it should be encrypted and the password for that should be strong since thumb drives can easily get misplaced or stolen.

You don't sound sorry. You sound ignorant. There are lots of free password managers and they are the way to have safe passwords. Protect yourself. Or you might actually be sorry.

Yeah 2FA for anything important always

Yeah I was gonna say the same thing. I don't really give a shit if my social media gets hacked. Anything important uses 2FA and a code push to your device.

@@avarmauk 2FA can easily be bypassed.

@@kalijasin how?

Lol

Hey,Buck, I think that what you are doing is a really good idea and it's the same thing I have been doing. Staying as far away as I can from all the bullshit that supposedly is so wonderful!!! Old Twitter and old Facebook ( now Meta, I guess) can kiss my ass!!!! Thanks for your comment. Have a good day.

@Sean Embry thank you. I was think the advanced tech may not be compatible with older computers with less giga bytes.

@Sean Embry Thank you.

Password managers such as 1Password can generate one-time codes for multi-factor authentication. Or you can use separate apps like Authy, Google Authenticator, Microsoft Authenticator, or Yubikey.