|
|
|
|
|
|
by WorldMaker
3324 days ago
|
|
|
Also, depending on threat model, a passwords.txt clear text file can be perfectly cromulent security that is better than many alternatives (password reuse, weak passwords). It's not going to stop people with physical access to your machine or attackers specifically targeting you looking for weaknesses in your documents. But vulnerability to some threat models is not vulnerability to all of them and it's okay to take a security stance with known vulnerabilities. Similarly with Post-It Notes and physical written Notebooks of passwords. If your threat model isn't concerned about people with physical access to those notes, and you are comfortable with the physical security of those notes, that can be perfectly acceptable for you, and an overall better security stance from bad passwords. "Don't write down your passwords", has always been bad advice, from that perspective. "If you write down your passwords, keep them safe" is slightly more accurate. |
|
|