2

u/theonlineviking 5d ago

Bro, this is just plain wrong. You do know that a single lapse in judgement is all you need to get your PC compromised, right? This is also valid for experienced PC users, especially anyone that codes or uses GitHub, or someone that occasionally dabbles in unauthorized acquisition of content. Inexperienced people are at the biggest risk, cuz they will definitely click on a malicious ad or follow some shady instructions on the screen.

Once you've let any sort of unauthorized stealer run on your local machine, all the cookies and unencrypted password(s) are swooped up.

Most importantly, the only way to keep safe in your example is to have cookies be deleted every time, and you have to log in every day multiple times to the same websites. Manually typing the username and password more than 5 times a day is already insanity imo.

So, TLDR: use a password manager, ideally something offline, which you can then sync up with all your devices. It saves you money, and makes your passwords unhackable, given all the recent hacking scandals with Bitwarden and other online password managers.

1

u/T1gerHeart 5d ago

Personally, over 25 years of working directly with computers, I believe I have enough experience to avoid clicking on any dubious links or following any dubious instructions. I don't even own a PC—I don't even need one anymore, since I have a tablet. Yes, an offline password manager might be a little more convenient, but I've been doing without them for about 10 years, ever since I became a mobile-only user. I don't use virtual credit cards or make online payments. That is, I've never entered my bank account information online. However, I might need to do so in a while. Once I figure out which of our banks is processing payments on AliExpress, that's the only thing that might interest me. But for such payments, I'll specifically clean and scan my smartphone as thoroughly as possible. So, no—I don't need any password managers. The only app I can't live without is MyTree Notes. By the way, it also replaces a password manager. But it's still impossible to hack unless the attacker gets hold of my device.

2

u/Jesus_ecs My English is bad 4d ago

CIA hands wrote this

1

u/T1gerHeart 4d ago

Don't talk rave. Your CIA doesn't have enough shit in its ass. I'm from the "STaSI" and "ZOPO" in one time.... /S.

1

u/T1gerHeart 4d ago

Why am I arguing with you all? It seems like it's about your case in my country that they say: "Even if you pee in their eyes, it's all God's work." "Hasta la vista". (M).

1

u/Parka2236 5d ago

This assumes that brute force is the only threat to passwords. In the event of a heck of anything every service you use would be compromised by this approach 

-4

u/T1gerHeart 5d ago

Can you name any other ways to crack a password of this length (24-32+ characters!!!) in recent / actual times? However, I've only described one possible way to bypass password managers. There are plenty of others that are more resistant to hacking.

2

u/Parka2236 5d ago

I wasn't clear - the concern is a hack of the company (or whatever) and leak of passwords and login details. If they are using best practice this will be less of an issue, but the fact that there are frequent password dumps shows that there is a very real risk that some place you use your super secure password will get hacked and then they have your password for everything

-4

u/T1gerHeart 5d ago

In this case, it's preferable to use a password consisting of a completely random set of several groups of characters (like a random "phrase" of 3-5 words, but without meaning). Just Google how long it would take to crack such a password. And in most of the cases you're talking about, the data leaks occurred not due to direct password hacks, but for other reasons.

0

u/mickdrop 5d ago

You don't seem to get it. You can use a password as complicated as you want, but if one website disclose it, then it will be tried in all your other accounts for other services. For instance, if you create an account to merchant website with this password and it becomes public, this same password will be tried on you email account, your banking account, etc. That's why people recommend to use a different password for each service, and that's why you need a password manager.

1

u/T1gerHeart 5d ago

Im not use online PMs in any case. Following basic network security rules is sufficient, and there's no need for any hacks or apps. If someone is overwhelmed by paranoia, they could come up with a dynamic password generation algorithm. It would be universal—passwords would be different, but generated using the same algorithm. Then, all you need to remember is the algorithm itself, and you don't even need to remember passwords, just logins and email addresses if you used different ones when registering. Once again, all these online password managers are hacks for the lazy.