this post was submitted on 05 Jul 2023
44 points (95.8% liked)

Asklemmy

43945 readers
35 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_[email protected]~

founded 5 years ago
MODERATORS
 

I was gonna ask about the biometrics part in a separate question, but its both about security, so might as well combine it in one post.

Okay so I don't use password managers. I just try to make easy to remember passwords 3-4 random words + 3-4 random numbers. ~~Online accounts can't be brute forced anyways.~~ Edit: I mean most websites have log in limits don't they? Maybe I've been mistaken?

For offline accounts, I just increase the words and numbers. For mobile I don't use biometrics, although I've been testing whether or not I want a pin + no biometrics or alphanumeric password + biometrics. I just can't decide.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 26 points 1 year ago (4 children)

I use the password manager Bitwarden, but Proton Pass is looking kinda nice.

[โ€“] [email protected] 5 points 1 year ago (1 children)

Same with bitwarden, I recently made my wife change from google because I don't trust how they could be managing that kind of data.

[โ€“] TheBig2023Meltdown 3 points 1 year ago (1 children)

What benefit could it be to Google for them to have access to your user and passwords?

Genuinely curious, I use bitwarden myself but can't see Google using their password manager for nefarious reasons

[โ€“] [email protected] 5 points 1 year ago (1 children)

Sure, probably they won't use it for bad purposes.
But there's nothing saying they won't use them in any way they see fit.
Maybe they could find a way to find monetize without disclosing them and anonymized, like statistics or with the update in their policy about training their models with whatever information they can get.
Maybe you have an ad blocker and AdSense can't build a profile from you, but the google already know what sites you were interested enough to make an account and could try to advertise in other ways.

And then the biggest issue: there's no mention of encryption, so who knows how they store them and where. Could an attacker read them? How are google employees prevented from reading them?

[โ€“] [email protected] 1 points 1 year ago

Also, what's stored at Google is not only accessible by Google, it's also typically accessible (probably paid for) by intelligence agencies and law enforcement. The Snowden revelations showed that. Same is true for every other big tech company. Even if you think that's still not a problem because you're not doing anything wrong, it could be a problem if you're ever falsely accused of a crime. There are innocent people being thrown into jail for life. Our systems aren't perfect, so don't assume nothing will ever happen to you. Also, if you should find yourself living under a fascist government in the future, they could use your past data to actively target you. This is also not entirely unlikely, because the right-wing is currently quite strong again and who knows what will happen after massive socio-political changes due to climate change and more and more uninhabitable or flooded areas.

Don't give those data hoarders more of your data voluntarily. Only give them the least amount of data possible. Keep private things as private as possible. Everything else can only have negative consequences for you down the road. And that road could be very long, many years long. Decades, even. The data about you never goes away. Storage is cheap.

[โ€“] [email protected] 3 points 1 year ago

I'm already on Proton's other services, so I'll likely switch to Proton Pass if it looks good

[โ€“] tofurious_is_god 2 points 1 year ago (1 children)

Whats the reason proton pass is looking better? I just started my switch to bitwarden, I used to use enpass offline on windows.

[โ€“] [email protected] 4 points 1 year ago

I use proton services so it would integrate better for me. Bit warden is objectively better though.

[โ€“] MementoMori 1 points 1 year ago

Same. Works well for me and I've had no issues with the free version.