Okay.

See here’s the thing:

You have to remember:

  1. BIOS password (you’re supposed to set one, right? I mean… so your that sibling/roomate/kids/family doesnt mess around and replace your OS with a malicious OS)
  2. Full Disk Encryption password and then finally
  3. The user password

Like that kinds breaks my brain

Do y’all just put those in your password manager… then only have to remember

  1. Master Password to password vault and
  2. Phone lockscreen

Is this the “Standard Operating Procedure”?

But if you are paranoid and set a full alphanumeric password/passphrase… then you have to remember two differen passphrases…

Or couldn’t you just simplify it to like just ONE, like:

Can you have the same password for Phone Lockscreen as the Password Vault Master Password?

So that you Only ever need to remember exactly ONE password

Is this a good idea?

My head hurts from this…

Idk how to do this…

I wanna simplify my digital stuff… my stuff is so disorganized…

  • Scott 🇨🇦🏴‍☠️@sh.itjust.works
    2·
    6 hours ago

    Phone is a 6 digit pin.

    I find passphrases very easy to remember. I have different ones for my laptop, external hard drives, Proton, Tuta, and password manager.

    I find it helpful to make the passphrase an insult toward a company or group such as “go away piggy this is mine”.

    • njordomir@lemmy.world
      4·
      5 hours ago

      At a job I hated, they made us change passwords often. It was quite irritating. I also think it was counterproductive because something like fuckcorporate!666 is likely more susceptible to a dictionary attack than a carefully chosen password rotated less frequently.

      • baggachipz@sh.itjust.works
        4·
        3 hours ago

        At my job now, we have to change our password so often with such onerous requirements (16 char, alphanumeric, at least one upper case, at least one lower case, at least one symbol, no repeating characters) that I have to store my work password in my personal password manager with much more lax requirements. What the fuck kind of security is that?

        • woodytrombone@lemmy.dbzer0.com
          1·
          2 minutes ago

          If you have any voice with your Security department, you can tell them that rotating passwords are counter to NIST SP 800-63B (Section 10.2.1) guidance:

          Do not require that memorized secrets be changed arbitrarily (e.g., periodically) unless there is a user request or evidence of authenticator compromise.

      • bluGill@fedia.io
        3·
        4 hours ago

        Rotating passwords are less secure pecause people chorse a short password and then append an incrimenting number. Thus if it leaks for any reason the attacker knows them all.

        If you only force rotation after a known breach (that you admit to) people choose a new - good - pasword. Make sure the source of the breach is fixed though or people will give up when it happens too often