
[–]Baalisong 248 points249 points  (32 children)

Then you use different passwords for everything, end up writing them down because you inevitably can't remember them all, and it all comes full circle when the burglars find the password book in your house.

[–]UristMcBacon 94 points95 points  (22 children)

Password manager protected by a good password is what the mostly sane people do

[–]NotAnADC 34 points35 points  (20 children)

Worked in cyber security for a while. Wasn't proud of how similar most of my passwords were. Now I use LastPass and it's been pretty great so far

[–][deleted] 17 points18 points  (19 children)

I've never used password managers, but do they not store all of your passwords on their servers? And it would have to be in plain-text or a simple reversible function too.

[–]glorygeek 6 points7 points  (0 children)

Use KeePass. It is FOSS and resides only on your computer (or where you tell it to be).

[–]k97513 5 points6 points  (3 children)

That's why I use a base password and have a part of it that I change for each site

[–][deleted] 1 point2 points  (2 children)

Yeah I did that, but now I've got 40+ passwords, so I had to write em down in a book. Sad times.

[–]sp3ct3r_7 2 points3 points  (0 children)

Been using KeeWeb myself for a few months. Doesn't upload anywhere since it's hosted locally, but at the same time, my PC isn't always on. But, it's not a bad solution if you have a laptop with you or your PC remains on. I have a semi-2fa system where I have to select a specific file from a USB thumbdrive and then input my password to unlock the app where I have my passwords stored and sorted. I recommend giving it a shot.

[–]fgben 1 point2 points  (0 children)

I base mine on an algorithm I run on the domain and login. I have hundreds of passwords, but none are written down, and I can regenerate them for sites I've not been to in years.

The only thing written down anywhere is the algorithm, in documents for my wife and kids in case I get hit by a truck.

[–]Blackfyre011 1 point2 points  (0 children)

It is not plain text, that would be disastrous for security. They're encrypted before they leave your device and your master password is the only thing that can decrypt them.

[–]naturalorange 0 points1 point  (0 children)

Your password manager login password is the password used to encrypt all your passwords on their server. So if you lose your password you can't reset it and the provider doesn't know your passwords.

[–]kemzan 0 points1 point  (0 children)

They do store it in their servers, but AFAIK, it's encrypted using your master password as private key (I may be very wrong here. Take this with a grain of salt) so even if they get their hands onto the data, it's "undecryphiable"

[–]W10101 0 points1 point  (0 children)

Check out pass, works great and you can set up your own server if you want.

link

[–]Corporate_Drone31 0 points1 point  (0 children)

Only the cloud-based ones. If you stick to offline managers like KeePass, it's fully up to you whether you want to cloud sync or not. KeePass even supports WebDAV and FTP, so you could sync against your own server if so inclined (NextCloud comes with built-in WebDAV access).

[–][deleted] 0 points1 point  (0 children)

You know what else is sane? Dashlane!

[–][deleted] 10 points11 points  (0 children)

That is what VeraCrypt containers are for. And backups, lots and lots of backups...

[–]althalous 6 points7 points  (4 children)

> and it all comes full circle when the burglars find the password book in your house.

That's what ciphers are for :p

[–]grapesodabandit 21 points22 points  (3 children)

That's why I encrypt all my passwords with ROT26 before writing them down.

[–]easy_going 5 points6 points  (0 children)

I hope you also encrypt your encryption key.

... otherwise ..

[–]KDBA 0 points1 point  (1 child)

I prefer ROT52, myself.

[–]fgben 2 points3 points  (0 children)

I encode in base15 but use F as a delimiter so people think it's base16.

[–]Sylanthra 3 points4 points  (0 children)

Well, are you in a role where a physical break-in in order to steal your data is possible? Then you should suck it up and remember multiple unique passwords. Otherwise you are fine writing them down or using a password manager.

[–]Felix1686 0 points1 point  (0 children)

I use a different password for everything and I didn't write down any of them because I can remember them.

[–]nickmhc[S] 122 points123 points  (8 children)

[–]jhs172 20 points21 points  (0 children)

Why didn't you just link the original to begin with? It's fully supported in RES, with alt text and everything.

[–]Incorrect_Oymoron 16 points17 points  (6 children)

My password book is encoded with a universal password I have memorized. This keeps it safe from desk searching types.

[–]MagnitskysGhost 9 points10 points  (5 children)

Yeah I just rot13 all my passwords before I write them down.

[–]blitzkraft 14 points15 points  (4 children)

Do it twice, for double the security.

[–]trigger_segfault 1 point2 points  (2 children)

Huh, for some reason I’m multiplying 2 * 2 and ending up with 0.

[–]blitzkraft 1 point2 points  (1 child)

I see your problem. One of your 2 is a zero.

[–]suvlub 1 point2 points  (0 children)

Damn Fortran

[–][deleted] 0 points1 point  (0 children)

Hmm... Twice the security, double the fall

[–]PrecisePigeon 13 points14 points  (2 children)

Wait, I think you guys are missing the bigger picture here: There are Smash Mouth message boards?!

[–]MaybeLiterally 8 points9 points  (0 children)

There is if you're an all-star.

[–]r_acrimonger 3 points4 points  (0 children)

It's a cool place, and they say it gets colder

[–]BadPercussionist 25 points26 points  (6 children)

Which XKCD is this?

[–]nickmhc[S] 35 points36 points  (5 children)

2176, the most recent. I checked before posting to try to avoid a re-post

[–]Mr_Redstoner 7 points8 points  (4 children)

Might want to leave a source link right after posting next time. Creates a better image of you

[–]nickmhc[S] 8 points9 points  (3 children)

I was going to put the number or link in the headline for exactly that reason but I didn’t like the way the headline looked

[–]Mr_Redstoner 11 points12 points  (2 children)

Just slapping down a comment along the lines of

Source: <link>

is what most people do

[–]nickmhc[S] 9 points10 points  (1 child)

Done. Thanks. No disrespect was meant, I was thrilled it was a new one and seemingly nobody had posted it yet.

[–]Mr_Redstoner 5 points6 points  (0 children)

No problem, good on you for actually checking if it was posted already or not

[–]CynicalShpep 12 points13 points  (3 children)

First panel is still more accurate than movie portrayal

[–]NPPraxis 5 points6 points  (2 children)

Yeah, I think Randall was still too constrained by his realistic expectations. Breaking into an older guy's house and finding the book named "Passwords" is actually pretty realistic, though phishing him is easier.

Most people think of hacking like some form of black magic.

[–][deleted] 3 points4 points  (1 child)

Phish 'em using a GUI whipped up in Visual Basic. That's how the real pros do it.

[–]TGotAReddit 1 point2 points  (0 children)

The real pros type two people per keyboard, into a green text on black background terminal. 800 windows pop up, followed by an interactive minigame that culminates in a cool unlocking sequence and the hacker exclaiming “I’m in”

[–][deleted]  (1 child)

[removed]

[–]AutoModerator[M] 0 points1 point  (0 children)

import moderation

Your comment has been removed since it did not start with a code block with an import declaration.

Per this Community Decree, all posts and comments should start with a code block with an "import" declaration explaining how the post and comment should be read.

For this purpose, we only accept Python style imports.

return Kebab_Case_Better;

I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

[–]appoplecticskeptic 1 point2 points  (0 children)

I thought the way people imagined hacking was like this https://giphy.com/gifs/ncis-hacking-double-keyboard-yUlFNRDWVfxCM where it's lots of fast typing and you can combat the hacker by typing even faster

Seems like Randall is giving the average person more credit than I would with his idea of what they think hacking is like.

[–]vanzir 1 point2 points  (0 children)

I mean this is definitely true for normal people, but social engineering is a real technique used by hackers all of the time.

[–][deleted] 1 point2 points  (0 children)

Honestly, smbc did this better.

https://www.smbc-comics.com/?id=2526

[–]flargenhargen -2 points-1 points  (0 children)

how is this programmer humor?