• gradyp@awful.systems
      11 months ago

      I had an identity theft a few years back, still cleaning up from it. At the time I had the typical set of standard passwords that I would use. I thought they were OK since they were pretty random, but I had one for Financial, one for Web Services, etc., so of course when the creds leaked, I suddenly had a bunch of credit card bills I never signed up for…

      Since then, every password is unique, my default is 31 characters, and 2-factor for everything possible. Unfortunately I initially settled on LastPass, figured that they had hopefully learned their lesson from their breach years ago. Then it happened again recently and I moved to Bitwarden so that I can eventually migrate to a self-hosted solution.

      I’ve been trying to get my family on board for years but it’s still too complex. Non-technical folk still will take the path of least resistance, even when the dangers are right in front of their face. We need something better.

      • StrawberryPigtails@lemmy.sdf.org
        11 months ago

        KeePass is probably the most secure, but was a pain for multi-device / multi-OS users last time I used it.

        Currently I use Bitwarden. You can either use their backend or you can self-host. Cross-platform, multi-device support, 2FA support.

        • evranch@lemmy.ca
          11 months ago

          I use KeePass with Syncthing as the sync backend. Syncthing comes as a Docker container these days and sets up in seconds; I like how it doesn’t rely on a central server and gives you some redundancy.

          Also, KeePassXC is a rewrite with better integration, true cross-platform support and more features: keepassxc.org

          • StrawberryPigtails@lemmy.sdf.org
            11 months ago

            I don’t know much about them to be honest, and what little I have heard sounded like it was paid for. My knee-jerk reaction is to avoid them. Maybe they’re decent, maybe not. Couldn’t say.