• deeply_moving_queef
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    A good password you need to recall and type should be easy to remember and hard to guess indeed - diceware is a good solution for creating such passwords, given sufficient length.

    But for everything else a password manager provides more benefits for the average user than drawbacks. When used properly, it creates very complex passwords that the user never has to recall - the password manager enters the password and all the user needs is a single “good” password to access all others. The drawback, as with most hosted services, is trust. Though most citizens of the modern internet have already accepted that risk multiple times over.

    Also, a site administrator providing for salted, well-hashed password storage doesn’t mitigate a user configuring hunter2 as their password - they’re going to lose access to that account. 2FA mitigates this somewhat, but not enough to evade a well crafted phishing attempt. The onus is very much on the user to protect their account with unique, complex passwords that aren’t used, in part (e.g. as a prefix) or in whole, on other websites/services.

    Hopefully this all becomes moot with wide adoption of Passkeys and we’re indeed heading in that direction. But for now, we’re stuck with passwords.