• @[email protected]
    link
    fedilink
    198 months ago

    You’re better off with random different passwords for each service written on a sticky note than using the same password/email combofor multiple accounts.

    • lemmyvore
      link
      fedilink
      English
      88 months ago

      I mean, you’re comparing very different scenarios.

      If one account gets broken into and their password hashing was crap, the attacker can try the email/password combo with other services and can stumble onto another one you use.

      If someone has access to your sticky note they have all your accounts.

      I don’t think I’d call either of them better.

      Of course, all this assumes no second auth factor.

      • @[email protected]
        link
        fedilink
        48 months ago

        If someone has access to your sticky note they’re already in your house, and that’s a bigger issue IMO… even from an itsec perspective, once the attacker has physical access to guarantee safety is difficult.

        But seriously, there’s a guy in your house.

        • lemmyvore
          link
          fedilink
          English
          3
          edit-2
          8 months ago

          But seriously, there’s a guy in your house.

          My house is not a prison… yes, other people come over. There’s the occasional party, handymen doing work, neighbors, parents of kids from school, kids sleeping over, and so on. It doesn’t have to be the ninjas breaking in.

          If you don’t casually keep wads of cash in the open around the house you probably shouldn’t have logins on a post-it either. But to be fair the kind of person that does the latter does the former too.

          • @[email protected]
            link
            fedilink
            18 months ago

            If I know they are there then I either supervise visitors or trust them to not rummage/take my stuff. If that is your issue then keep your postit in a drawer; most people don’t keep their yubikeys in a securely bolted safe either.

      • @[email protected]
        link
        fedilink
        17 months ago

        Just shift the password descriptions a few spots compared to the passwords, then you’ll get email about failed logins as a canary.