The scraped data of 2.6 million DuoLingo users was leaked on a hacking forum, allowing threat actors to conduct targeted phishing attacks using the exposed information.

You are viewing a single thread.
View all comments View context
45 points

I wish more websites allowed random words as passwords instead of forcing numbers and special characters (but not THAT special character, you have to use one of the ones on this list).

People change their passwords by one letter or digit because they’re tied to these restrictive formats. If 5-6 random words was the norm, people would update more than just one character when needing to change passwords.

“poison navy series ruler handshake papaya” is a fantastic password.

“Ilovemygrandkids!123” is a horrible password.

permalink
report
parent
reply
29 points

Just use a password manager and a unique, long, random generated password for every site. There’s no need or reason to know the password to anything other than your password manager and your primary email.

permalink
report
parent
reply
9 points

in like a decade the use of a password manager will be a bad idea. i don’t know how but it will be.

permalink
report
parent
reply
14 points

Hmm, a single point of access for every password you have? I don’t see the problem…

permalink
report
parent
reply
20 points
*

You know somebody has to link this.

https://xkcd.com/936/

permalink
report
parent
reply
3 points

That’s why I use IncorrectBatteryHorseStaple

They’ll never figure that one out

permalink
report
parent
reply
0 points
permalink
report
parent
reply
12 points

You immediately know that they’re not handling your passwords correctly when they block certain characters.

permalink
report
parent
reply
5 points

Agreed! I also think that the next steps would be getting rid of the need for users to even know their own password and instead replace with other securities like biometrics (with sufficient permutations possible to match or exceed passwords) and a physical device or something else entirely that removes the need to let the user in on what the exact password is

permalink
report
parent
reply
3 points

Tools like Bitwarden will let you fairly customize the randomly generated password it makes. You can tailor it to not use certain characters for those sites that don’t allow it. And each vault object can be customized like that independently so you don’t compromise all your passwords by not allowing _ or (, you can also have it do pass phrases like you gave an example of

permalink
report
parent
reply

Technology

!technology@lemmy.world

Create post

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


Community stats

  • 17K

    Monthly active users

  • 12K

    Posts

  • 543K

    Comments