Bitwarden surveyed 2,400 individuals from the US, UK, Australia, France, Germany, and Japan to investigate current user password practices. The survey shows that 25% of respondents globally reuse passwords across 11-20+ accounts, and 36% admit to using personal information in their credentials publicly accessible on social media (60%) platforms and online forums (30%). These practices reveal a significant gap between recommended security practices and actual user behavior, highlighting how weak password habits and password reuse … More → The post Most people still rely on memory or pen and paper for password management appeared first on Help Net Security.

  • NaibofTabr@infosec.pub
    link
    fedilink
    English
    arrow-up
    11
    ·
    7 months ago

    If you’re writing down your passwords for personal use, and you keep them collected in a notebook or something you’re fine. If a bad guy has broken in to your home where they would have physical access to your notebook, then you have much bigger security problems than having your passwords compromised. Keeping a physical notebook of passwords would be much safer than keeping them in a file on your computer.

    Password reuse is a much bigger security problem than writing your passwords down.

  • Aussiemandeus
    link
    fedilink
    English
    arrow-up
    2
    ·
    7 months ago

    Not me, I’m dumb make up all my passwords.

    Then I write them into a note file on my phone locked behind another password.

    I’m sure it’s not safe

    • BatrickPateman@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      7 months ago

      You are close though. Get a real password manager and you have them saved plus more security, and convenience on top when entering them in apps etc.

      • Aussiemandeus
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        1
        ·
        7 months ago

        Yeah I just don’t trust a password manager entirely. They get hacked and it’s done.

        Same as the service where they supposedly requeste all your private information be removed so you don’t get scam calls and emails etc anymore.

        Probablem with that is its subscription and when you finish paying the subscription I’m sure they would sign you back up

        • BatrickPateman@lemmy.world
          link
          fedilink
          English
          arrow-up
          7
          ·
          7 months ago

          Besides there being trustworthy ones, there is also the option to selfhost one and only expose the service to the WiFi. E. g. Bitwarden. Means you can only sync at home, but still better than a bloody text file.

          Or use Keepass for a filebased vault and sync that with Syncthing. With browser addons and autotype it is still way better than copy and pasting passwords from a file, using the clipboard.

        • Renegade@infosec.pub
          link
          fedilink
          English
          arrow-up
          1
          ·
          7 months ago

          I second keepass. It’s running in at least half the secure environments we all rely on anyway.

    • NaibofTabr@infosec.pub
      link
      fedilink
      English
      arrow-up
      1
      ·
      7 months ago

      Nothing wrong with this as long as you’re using a reasonably secure email service for the account recovery. All of those other accounts are only as secure as the recovery process anyway.