Probably a boring answer but I know my grandmother’s credit card information. I live with and help take care of her, so she doesn’t mind sharing it with me. Not like I’m planning to do anything nefarious, but I guess technically it could ruin her financially.

  • MentalEdge@sopuli.xyz
    link
    fedilink
    arrow-up
    72
    ·
    edit-2
    1 year ago

    I have a lot of relatives who look to me for tech support. I used to have them choose their own passwords, or tell them to change it if I set one for them (they never change it). Then, inevitably, I’d have to help them reset those passwords the very next time they need to log in on a new device, or their sessions expire.

    I tried to set them up with password managers, and some picked it up (my siblings). Others quickly forgot their master password, meaning I then had to sort out recovering ALL their various accounts.

    Once I literally used a known exploit to hack into an old android tablet that my youngest sibling managed to forget the screen-lock for.

    Now I just shamelessly save a bunch of other people’s passwords, pin-codes and other access details using my password manager, because they literally do not care. And it’s straight up more secure than the post-it notes some of them would use if I let them. They know I do this, I’ve made it clear that if they want my help but won’t follow my advice when I’m not there, making my life harder, further help comes with giving me unreasonable levels of access to their digital lives.

    I’ve never misused it, and I never will. I take steps to be extra secure because I know I’m a single point of failure should my password database ever be breached somehow. But I could ruin dozens of lives.

    • ebc@lemmy.ca
      link
      fedilink
      arrow-up
      25
      ·
      1 year ago

      Writing passwords down isn’t that bad, actually. We humans are very good at securing little pieces of paper; just put the one you wrote your password on with the other valuable pieces of paper, in your wallet.

      It’s “sticking the post-it note to the computer screen” that’s the problem.

      • shalafi@lemmy.world
        link
        fedilink
        English
        arrow-up
        20
        ·
        1 year ago

        Picked up a keyboard from the thrift store with a pink Post It on the back.

        user: admin

        pass: password

        Who the hell needs to write that down?!

        • NathA
          link
          fedilink
          arrow-up
          2
          ·
          edit-2
          1 year ago

          My Internet help desk days are over 20 years behind me, but that’s the default user/password combination for some consumer routers. D-Links and maybe Netcomms I think?

          As for who needs it: you’d be surprised at how technically inept some people are. It’s truly amazing.

      • MentalEdge@sopuli.xyz
        link
        fedilink
        arrow-up
        4
        arrow-down
        1
        ·
        edit-2
        1 year ago

        Absolutely, but unless you do stick it to the monitor, you still rely on them remembering where the note is, what it’s for, and keeping it around.

        And keeping some passwords in your wallet is only safe for as long as you don’t also include what they are for. Which would be necessary in this case…

        I obviously also forbid them from using the same password for everything, which meant that even when they did write their passwords down, finding it was a scavenger hunt that’s an even bigger time-waste than a password reset. Because they never kept them organized or in even in one place!

    • PlexSheep@feddit.de
      link
      fedilink
      arrow-up
      10
      arrow-down
      1
      ·
      1 year ago

      Just in theory, could you be held accountable if they did something illegal and you have access to that stuff?

      • folkrav@lemmy.ca
        link
        fedilink
        arrow-up
        12
        ·
        1 year ago

        I’m not sure I see the scenario. If I gave you the key to my place then I murdered someone in it, are you accountable for any of it?

        • lattrommi@lemmy.ml
          link
          fedilink
          中文
          arrow-up
          5
          ·
          1 year ago

          Here’s a scenario: You have the password to my paypal account. The police arrest me for an unrelated public indecency charge after I urinate on the local government courthouse building. The account is then used to purchase illegal drugs from another country while I am in custody. Having no access to my account or the internet, I could not have made the purchase. The police learn of this purchase when customs detects a strong odor from a package and decide to inspect it, finding a massive hoard of marijuana and jenkem. the police are alerted and ask me, the account owner, who else has access to the account. Me, under duress and probably having shitty withdrawals, tell them everything i know about you, specifically things that might implicate you. As the only known person with access and having no alibi for the time period, you are then arrested for suspicion of involvement in an international crime ring. After searching your computer they find a VPN and TOR and then you are sequestered in a secret military prison and forced to do the chicken dance naked until you confess to every unsolved crime ever.

          While this scenario might be far-fetched, hyperbolic and not really accountability per se, it is a plausible worry some people may have. Just playing devils advocate here.

      • MentalEdge@sopuli.xyz
        link
        fedilink
        arrow-up
        8
        ·
        1 year ago

        Self-hosted and entirely under my control, yes. Any other manager that encrypts the store in a way where even when breached it’s not useful, should also be safe…

        But truly knowing is best.

        • Jolteon@lemmy.zip
          link
          fedilink
          arrow-up
          4
          ·
          1 year ago

          The problem with that is that you can never truly know that they actually do that unless the clients are open source.

    • xmunk@sh.itjust.works
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      I set up my mom and brother with a multivault password manager (1password) where our vault passwords are saved to a shared vault in case we forget our passwords/die - given the level of familial trust I think it’s an acceptable risk especially with how badly we got burnt by trying to get into utility accounts and the like after my father died.

      • MentalEdge@sopuli.xyz
        link
        fedilink
        arrow-up
        4
        ·
        edit-2
        1 year ago

        BitWarden does have something similar via “backup access” and “organisation” vaults. I’ve not looked at setting up either, yet.

        • scarilog@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          Bitwarden is kinda insane for the amount of features it offers. I recently found that you can create an organisation and add family members, and have it set up so that you can reset their password if they’ve forgotten it, while still securely encrypting the passwords. This was a really cool feature that I didn’t know was even possible.