this post was submitted on 04 Apr 2024
1019 points (98.8% liked)

linuxmemes

20839 readers
1101 users here now

I use Arch btw

Sister communities:

Community rules

  1. Follow the site-wide rules and code of conduct
  2. Be civil
  3. Post Linux-related content
  4. No recent reposts

Please report posts and comments that break these rules!

founded 1 year ago
MODERATORS
poopsmith
zephyr
rtxn
1019
Why don't banks like root on Android? (lemmy.world)
submitted 5 months ago by Waffelson to c/linuxmemes
188 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] PriorityMotif 17 points 5 months ago (1 children)

You're better off with random different passwords for each service written on a sticky note than using the same password/email combofor multiple accounts.

[–] [email protected] 8 points 5 months ago (2 children)

I mean, you're comparing very different scenarios.

If one account gets broken into and their password hashing was crap, the attacker can try the email/password combo with other services and can stumble onto another one you use.

If someone has access to your sticky note they have all your accounts.

I don't think I'd call either of them better.

Of course, all this assumes no second auth factor.

[–] nevemsenki 4 points 5 months ago (1 children)

If someone has access to your sticky note they're already in your house, and that's a bigger issue IMO... even from an itsec perspective, once the attacker has physical access to guarantee safety is difficult.

But seriously, there's a guy in your house.

[–] [email protected] 3 points 5 months ago* (last edited 5 months ago) (1 children)

But seriously, there's a guy in your house.

My house is not a prison... yes, other people come over. There's the occasional party, handymen doing work, neighbors, parents of kids from school, kids sleeping over, and so on. It doesn't have to be the ninjas breaking in.

If you don't casually keep wads of cash in the open around the house you probably shouldn't have logins on a post-it either. But to be fair the kind of person that does the latter does the former too.

[–] nevemsenki 1 points 5 months ago

If I know they are there then I either supervise visitors or trust them to not rummage/take my stuff. If that is your issue then keep your postit in a drawer; most people don't keep their yubikeys in a securely bolted safe either.

[–] PriorityMotif 1 points 5 months ago

Just shift the password descriptions a few spots compared to the passwords, then you'll get email about failed logins as a canary.