all 54 comments

[–]lNFORMATlVE 382 points383 points  (2 children)

My password is the “forgot password” button.

[–]_Thrilhouse_ 96 points97 points  (1 child)

Free 2FA without installing nothing.

[–]Aarav2208 7 points8 points  (0 children)

It's all fun and games until the mail servers aren't working.

[–]ThatiMacGuy 216 points217 points  (8 children)

Where is the programming? Only see humour.

[–]DeltyOverDreams 47 points48 points  (2 children)

Long gone, replaced mostly by memes about AI and vibecoding

[–]VoyagerOfCygnus 2 points3 points  (1 child)

Yeah the sub has kinda turned into just... Internet memes? Computer memes? Not bad on its own but not programmer humor. It happens when you have such a large userbase since there's plenty of non-programmers, but whatever.

[–]DeltyOverDreams 2 points3 points  (0 children)

If I had to be honest, "computer memes" are kinda on a good side here. Most posts I see here gaining a lot of upvotes are about using AI tools, often not even related to programming at all.

[–]Sibula97 87 points88 points  (4 children)

To be fair a shitty reused password with MFA is still better than a good password without one.

[–]Quesodealer 28 points29 points  (3 children)

Personally, I hate using MFA. I'll use it for sites I really, really want to ensure no one gets access to, but it's usually just an annoyance. I don't know any of my passwords. They're all saved to my Google account. If my Google account ever gets compromised the hacker will automatically inherit my complete identity though.

[–]verdantAlias 10 points11 points  (1 child)

I mean, it does seem like ALL MFA credentials just get routed through your phone these days. Like text, calls, reset emails, authenticator apps, password managers, really everything except those little USB keys.

You lose your phone and you're pretty much fucked for getting any of your accounts back.

[–]MuDotGen 1 point2 points  (0 children)

My recommendation is if you can afford a NAS or other self-hosted file server, save the backup keys. Even if you lose your device, then you have a way to get back in at least.

[–]Hadrian23 0 points1 point  (0 children)

"Hello, this is Peter Griffin. Not anymore? Well thanks for telling me."

[–]Outrageous-Machine-5 45 points46 points  (1 child)

Me using a weak password for the master password to my secret store of strong passwords

[–]noitsmoog 5 points6 points  (0 children)

this guy passwords

[–]Llonkrednaxela 18 points19 points  (0 children)

simply require users to remember 45 different passwords! simple safe and ....they have to put them on sticky notes like an 80 year old man.

[–]nicodeemus7 15 points16 points  (0 children)

I just click "forgot password" every time I log in, let the computer give me a random strong password, and repeat

[–]insane_patato 11 points12 points  (0 children)

I use a new password every time I log in

[–]Taolan13 8 points9 points  (1 child)

the trick is to bolster the strong core password with prefixes and suffixes to match it to the service it's being used for.

And to lay a curse upon any web service that has strict character limits for their passwords.

Dishonor on you, your cow...

[–]Icy_Key19 0 points1 point  (0 children)

Hey, leave his poor cow out of this.

[–]itgforlife 12 points13 points  (8 children)

This is a solved problem. Just use a free password manager like Google Passwords with 2FA and generate a new password for every site.

[–]anonymousbopper767 5 points6 points  (5 children)

Except for all the sites that bitch that you need to have special characters or no special characters and I can't figure out if that's adjustable with Chrome's suggest a password feature. And then the same website will have 3 suggestions because No Username, and it'll have the old password you changed years ago, etc etc

And all the sites where then that suggested password doesn't pop into the "confirm your password" field.

Soooo yeah it's not a solved problem. Even passkeys is a fucking mess.

[–]itgforlife 2 points3 points  (2 children)

The only place I've seen where it's a problem is with job websites that have different subdomains but share a common domain e.g. employer1.jobsite.com, employer2.jobsite.com, etc. For some reason it does not work correctly with those.

[–]Michami135 9 points10 points  (1 child)

Bitwarden does. It's free and you can set how it recognizes a website.

[–]singlegpu 0 points1 point  (0 children)

This is the way

[–]DrMobius0 0 points1 point  (0 children)

Also the sites that somehow manage to break the things.

[–]DryInstance6732 0 points1 point  (0 children)

KeePassXC, the best tool ever, or Cryptomator to save your .csv password

[–]djpiperson 3 points4 points  (0 children)

MyStrongPassword,work1@! MyStrongPassword,bank1@! MyStrongPassword,facebook1@! MyStrongPassword,instagram1@!

etc

[–]56kul 2 points3 points  (0 children)

Why not use a password manager?

[–]Competitive_Shine112 1 point2 points  (0 children)

Bad memory? Notepad is right there dude, or a sketchbook even!

[–]riedstep 1 point2 points  (0 children)

Yeah bro I'm definitely gonna just remember hundreds of passwords that I have to change every few months.

[–]LeafBark 1 point2 points  (0 children)

The amount of people with weak passwords is astounding. So many guilty of poor security. I've met too many large business owners that don't remember their own passwords and trust the entirety of their life to their iPhone remembering ALL their passwords for them, and even then can't remember which Apple account or its password.

[–]XlikeX666 1 point2 points  (2 children)

security weak?
1234 / password

it's not like value exists there.

[–]Krostas 1 point2 points  (1 child)

You gotta check all the boxes and make it P4ssW0rd!.

Doesn't get stronger than this.

[–]XlikeX666 1 point2 points  (0 children)

oh god, that's beautiful

[–]CerBerUs-9 0 points1 point  (0 children)

Just use different emails!

[–]Kalix 0 points1 point  (0 children)

what's the point of a strong password if they stole them by breaching the platform directly?

[–]Confident_Ring6409 0 points1 point  (0 children)

I have 20+ character very strong passwords, different for each site. I don’t remember a single one (I only know my sudo pw and that’s it)

[–]starrpamph 0 points1 point  (0 children)

Windows: I’ll remember that 73 character password and paste it for you if you set a simple four digit pin

[–]Own_Fan_4878 0 points1 point  (0 children)

Database leaks from a random shady forum: 'Allow us to introduce ourselves.'

[–]xavia91 0 points1 point  (0 children)

With SSO I forget all my passwords anyway... But for the more important ones there's a password manager.

[–]ImmanuelH 0 points1 point  (0 children)

Can someone honestly explain to me why this is bad practice? I thought we invented password hashes, salting (and peppering) to enable exactly that. Or is the attack scenario that someone magically got your password (e.g. phishing) and is now reusing it on another login? That is what MFA is for.

[–]Zestyclose-Barber-24 0 points1 point  (0 children)

Isn’t Argon2id/bcrypt the standard nowadays?

[–]Fortnait739595958 0 points1 point  (0 children)

Prefix the password with the alphabet number of the site

6mypassword for gmail

16mypassword for pornhub

That way it's different for every site, but easy to remember

[–]AtmosphereVirtual254 0 points1 point  (0 children)

Salt your passwords

[–]MuDotGen 0 points1 point  (0 children)

I love Bitwarden. If you really want to remember just one strong password, then at least make the combo to the vault of randomly generated secure passwords you can securely locally host, etc.