DanijelH7786d
Just use a password manager, it's much more secure and painless. My personal preference, Bitwarden.
ctrl+c & ctrl+v from MY ORIGINAL COMMENT:
"And the password storages and autocompletions don't count, that's a plaster on top of idiotic paradigm, nothing else."
difference - someone breaks in to your password "manager" account? all of your accounts are fucked automatically
someone gets ONE of your passwords to ONE of your accounts?
they still have to guess where else you're registered
DanijelH7786d
@Midnigh-shcode You have an option to encrypt and have it stored locally without cloud, but it has been proven that even without that it's the safest way. We have enterprise-grade security in our company, everything is forbidden and password managers are a must. Company had numerous hacker attacks multiple times.
I have to agree so hard, it hurts.
Take Slack, for example, which actually saves either your old password hashes or your old passwords in plaintext. When you try to reset your password the same as before, you'll get an error message.
Somebody I exchanged a few PMs with in a security forum told me, I tried it and I was blown away. How is this remotely secure?
If you get a hold of the DB, however, you can practically brute force it to oblivion with a few rented servers or even a good laptop, and as soon as you get a match you can bet the same person uses the same password with a similar or even the same email address as their login credentials on other websites/services, because why wouldn't they, if they don't have any clue about security?
There is absolutely no advantage to this. It's just harassment because of reasons that shouldn't concern the service or site owner(s).
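A reset-time "same as an old password" check of the kind the comment above describes can be built on salted, memory-hard hashes of previous passwords. The sketch below is an added example, not part of the thread and not any service's actual code; the scrypt parameters, the history depth and all names are assumptions.

```python
import hashlib
import hmac
import os

# Assumed values for this example (not taken from the thread or any service).
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32, maxmem=2**26)
HISTORY_DEPTH = 5  # how many previous passwords are remembered


def hash_password(password, salt=None):
    """Return (salt, digest); every entry gets its own random salt."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)
    return salt, digest


def matches(password, entry):
    """Re-hash the candidate with the entry's salt, compare in constant time."""
    salt, stored = entry
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


class PasswordHistory:
    """Keeps only (salt, digest) pairs, newest last; never the plaintext."""

    def __init__(self, initial_password):
        self.entries = [hash_password(initial_password)]

    def verify(self, password):
        # Login check: only the newest entry is the current password.
        return matches(password, self.entries[-1])

    def change(self, new_password):
        # Reject reuse of any remembered password, otherwise rotate.
        if any(matches(new_password, e) for e in self.entries):
            return False
        self.entries.append(hash_password(new_password))
        self.entries = self.entries[-HISTORY_DEPTH:]
        return True


if __name__ == "__main__":
    h = PasswordHistory("constructed-sample-1")
    print(h.change("constructed-sample-1"))  # reuse is rejected
    print(h.change("constructed-sample-2"))  # new password is accepted
```

Each stored entry costs one full scrypt evaluation per guess, and the per-entry salt means a guess has to be recomputed for every entry separately.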
maces2426d
Possible Solutions:
1 - Password Manager
2 - Browser remember Password
3 - Write down your passwords
4 - use unified passwords for sites that you can afford losing access to
5 - don't use the site at all "since it's not an important site then you don't need it and if you need access then you need to follow their rules"
p.s. since you are a developer please don't sit idle and go create the next server/remote client verification methodology man humanity is putting its hopes on you.
p.s.s most web sites that run from decent countries are regulated and based on those regulations they define the protection and the procedures of signing up.