by karxxm 1272 days ago
Definitely not true. This can be the best password in certain conditions. You should not put your "good" passwords to any shady site out there. You have no idea how passwords are stored on all these platforms one is registering to. If you can live with the fact that an account may be hacked, then go for a super easy password if you want.
4 comments

Excusing the fact it was a joke, on the serious side, a person shouldn't have any kind of set of "good" passwords. They should just have secure passwords they have auto-generated and have some way of retrieving the password from where they are stored when needed.
Or, just have a unique password for every site stored in a password manager, and then they can all be “good” passwords, with no big concerns about how they are stored!
Other than your eggs-in-one-basket password apps being hacked and exfiltrating them all, which would never happen.

https://www.macrumors.com/2022/12/02/lastpass-hacked-second-...

"Our customers' passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture."

I take your point but I'm not aware of any hack of a major provider which resulted in exfiltration of decrypted customer secrets. Providers often enumerate how they prevent exactly this scenario [1][2], but you'd be correct that if your endpoint were compromised, it's probably game over. To be fair in this scenario just typing in your password (not using a manager) would also be game over.

If you want other options, it is possible to self-host (i.e. Vaultwarden). Personally I've been using 1Password for a long time, and their "Families" offering [3] is exceptional for me and has meaningfully improved my family security since the UX is easy enough my loved ones don't find a unique password per site "a chore".

[1] https://support.1password.com/1password-security/
[2] https://1passwordstatic.com/files/security/1password-white-p...
[3] https://1password.com/families/

All it takes is a supply chain attack and it's all gone
If you are following the policy of unique passwords per login then there is no need for "saving up the good passwords".
Yeah, everyone in the world is tech savvy enough to work with password managers. Reality looks different, trust me.