by gvb 3300 days ago
It was never a good idea. What it is is better than some really horrible alternatives. The horrible alternatives are having users pick their own weak passwords and use the same password for every site they log into. This is an especially bad problem with large companies which have a lot of unsophisticated employees and a lot of employees that simply don't care about security.

The worse alternatives are where the "top passwords" lists come from... those lists are from people who are not using any password store:

https://www.google.com/search?q=top+passwords+2017&ie=utf-8&...

The most horrible alternative I've seen: I once worked with a person who used his Outlook "contacts" as his "password manager." I discovered that after he quit and I was deactivating his accounts. Not only did he use Outlook "contacts" as his "password manager", but his passwords were discoverable (based on readily available personal information), guessable (e.g. pa$$word), and heavily reused either directly or as minor variations.