Plausible deniability for when it’s discovered her accounts are controlled from Moscow?
“Oh, I must have been hacked cuz weak passwords. That’s why my account sent our classified war plans to Putin.”
Everyone knows you do that on Signal.
Or a manky Signal clone with backdoors transmitting everything in plain text…
Good thing they put her in charge of intelligence, then.
That’s weird. I have my browsers set up so if I type my password all that shows up is *******
I have the same add-on I think. When I type hunter2 it just shows up as hunter2 instead.
I have the same add-on I think. When I type ******* it just shows up as ******* instead.
That’s a neat plug-in.
deleted by creator
hunter2?
Meh, I can’t dunk on this one. Despite paying for a password manager, I still use the same password for things I don’t care about / that can’t be used to exploit me. The other day I had to register for something stupid and that’s what I used, yet again. Granted, I’m not logging into game-changing accounts with it, but I get it. I’ll dunk on her for policy.
Given the absurd number of sites that require a login for no discernible security reason at all whatsoever; I get it.
A “Common” password makes sense. This password should never be used to log into or protect anything secure however.
Similarly a “Common” password might be used to enable login more easily from certain devices; but ideally this “temporary” password should probably be something that is, yet again, different from the first “Common” password you use.
It boggles my mind that someone like this isn’t at least using a specific passphrase for secure work accounts only.
While I can personally understand a need for some password reuse across multiple domains; at least there should be some separation of larger “superdomains” such as “work”, “personal” and “throwaway” so that breaches don’t have such a catastrophic impact.
A system of generating secure, unrelated but memorable phrases (for you) for those times you can’t carry or use a password manager is frequently essential. That way you can recall the password on the fly when it is asked of you; all you need to do is think about the unrelated thing you attached that information to.
Ditto. I use unique passwords for services I care about / someone could exfiltrate sensitive data, and a cheap reused password for services I don’t care about and could easily regain access to with a password reset email.
I totally have unique passwords for all my hundreds of accounts around the internet.
This reads as sarcastic to me, but I and many others legitimately do, through the use of a password manager. I have an encrypted database that syncs between my phone, laptop, and a vps, and I occasionally manually back up to a free email account. I only need to remember the one password to unlock the db.
What I’m saying is that I don’t criticize others for something I do myself - that would be hypocritical.
Being hypocritical reflects bad on you. But that does not mean it is bad advice.
deleted by creator
