Not a true greentext but I hope I have captured the spirit of it. (First time I wrote smth like this, don’t be harsh on me. >w<)
Use a password manager. Won’t forget passwords anymore.
proceeds to generate password for each service and forget the master password
just use a password-manager-password password manager for the password manager password
Also, you don’t need to write it down correctly, if you remember what’s the missing or different or fake bit. And you can write down a few decoy ones next to it. Or have it in two different places. Lots of room for obfuscation along with some good old fashioned physical security on where you store the note. And the backup note off-site, if you’re that kind of person.
Hell, just make some extra decoy ones just for fun and practice.
just make the password a little story you can remember, e,g. “Carl+Lenny:go2a bar&spend$$$”
My strategy for this is to have a second password manager available on a couple old devices, accessed with biometrics (fingerprint in this case), and only the master password saved within it.
I considered saving it within the main manager itself, since I have devices where I can use biometrics rather than password, but that feels like a bad idea.
Has definitely been a life saver
why is life like this?
Because someone else getting access to your email account nowadays is worse than losing your wallet, phone and keyring, combined.
why is life like this?
Because the whole thing started with anon forgeting their password, the solution for which should be complicated and secure, which it is.
I locked myself out of my main email account once.
I had set it up in the year 2000, when people didn’t have mobile phones, so they sent a letter to your home address before they activated it.
In the meantime, I had moved 11 times, updated my personal info on the site a few times, but never added a phone number or recovery mail address.
So when I called the hotline and they asked me for my address to confirm I’m me, that was a hard one to answer. But I actually got it right in the second try, which was good enough.
The new issue is that I don’t remember the password for DICK. I know the password to like, my password manager, on a good day.
There are like 500 other passwords I have to sift through to sign into anything
Websites need desperately to display their password creation rules on login pages. If I knew this particular site had (for some dumbass reason) a maximum password length less than the length of the password I’d otherwise use on that site or (also completely unreasonably) restricts special characters, I can more easily figure out what password I used when I signed up with fewer wrong guesses, all without sacrificing any security. (It’s not like the rules aren’t public info that anyone can get. Just don’t make me go halfway through the signup process to get that information if I’m just trying to log in.)
It would also let hackers know what combinations not to try.
I have a better proposal: If your login page has any restriction on passwords (other than being part of Unicode and a max length of 128 characters) then your site should be shut down.
Life is like this because its easier on the developers than having to deal with the deluge angry customers losing all their shit to scammers because they use the same 5 character password for every site on the internet.
Based and true
](https://lemmy.dbzer0.com/pictrs/image/2f4ae845-6190-4bef-ac6c-f9614e6c2d02.png){kind=link}