Use the “passwords” feature to check if one of yours is compromised. If it shows up, never ever reuse those credentials. They’ll be baked into thousands of botnets etc. and be forevermore part of automated break-in attempts until one randomly succeeds.
Protip for the room: Use a password manager with a unique password for every service. Then when one leaks, it only affects that singular service, not large swaths of your digital life.
Also 2FA. You’ll still want to change passwords but it buys you time.
Also, length is most of what matters. A full length sentence in lowercase with easy to type finger/key flow for pw manager master, and don’t know a single other password. Can someone correct me if I’m wrong?
I’ve found that there are a handful of passwords that you need to remember, the rest can go in the password manager. This includes the password for the password manager, of course, but also passwords for your computer/phone (since you need to log in before you can access the password manager), and your email (to be able to recover your password for the password manager).
You are also correct that length is mostly what matters, but also throwing in a random capitalization, a number or two, and some special character will greatly increase the required search space. Also using uncommon words, or words in other languages than english can also greatly increase the resistance to dictionary attacks.
Okay, but hackers don’t have to know whether I used special character or just lowercase? Or am I stoopid?
As always, the most secure password is the least convenient and accessible. It’s a trade off, but you want fewer dictionary words and patterns overall. Preferably with a physical component for the master password.
Longer is better…giggitty.
I use a “password pattern”, rather than remembering all the passwords, I just remember a rule I have for how passwords are done, there are some numbers and letters that change depending on what the service is so every password is unique and I can easily remember all of them as long as I remember the rules I put in place
deleted by creator
And when that password manager gets cracked?
Yes and no; they have their own issues:
https://cybersecuritynews.com/hackers-weaponize-keepass-password-manager/
Don’t download shit from random websites… make sure its from legit places…
My university, 23andMe, Transunion, Equifax, CapitalOne, United Healthcare…
You shouldn’t download KeePass from any of those.
Legit means the keepass website… those are not legit places to download the password manager
Yeah UHC sold my data as soon as I was put under their coverage. Now I get so many phishing emails pretending to be from UHC.
These kinds of breaches are at the site level. Not much you can do as a regular user if the company doesn’t hash or salt their passwords, for example.
Not from what the article says
Oh, so don’t use unique passwords? Sure buddy.
deleted by creator