this post was submitted on 18 Jul 2025
564 points (97.2% liked)
memes
16291 readers
3060 users here now
Community rules
1. Be civil
No trolling, bigotry or other insulting / annoying behaviour
2. No politics
This is non-politics community. For political memes please go to !politicalmemes@lemmy.world
3. No recent reposts
Check for reposts when posting a meme, you can only repost after 1 month
4. No bots
No bots without the express approval of the mods or the admins
5. No Spam/Ads
No advertisements or spam. This is an instance rule and the only way to live.
A collection of some classic Lemmy memes for your enjoyment
Sister communities
- !tenforward@lemmy.world : Star Trek memes, chat and shitposts
- !lemmyshitpost@lemmy.world : Lemmy Shitposts, anything and everything goes.
- !linuxmemes@lemmy.world : Linux themed memes
- !comicstrips@lemmy.world : for those who love comic stories.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Who TF isn’t using a password manager in 2025? Like how would you even function?
EDIT: Y’all need to stop replying with your password generation strategies. JFC it’s like you’re asking someone to pwn your shit.
My employer, a fortune 500, blocks password managers and all other add-ons.
When will he be hacked.... Let's place bets everyone!
Can I register your bet for 27 dollars or euros?
Sure, I'll bet in Dollars and take the number equivalent payout in Euros
My employer, a 12 people big company, nowhere near any fortune list, mandates the use of 1password for all company related accounts.
Ah but you see there's the problem, you don't have a committee to launch a working group that puts together investigative teams to research and write reports on the benefit of the solution, the ROI of the solution, the training costs of the solution, stakeholder buy in of the solution, and potential alternatives to the solution. You need at least a 10 month process before one jackass says they don't want the solution so the committee can recommend to management that the solution be abandoned.
Federal and State jobs you can’t use password managers.
My federal job came with one pre-installed.
Depends on your clearance level/what you have access to.
Not gonna get specific, but, I have access to a shitload of sensitive personal data. It's more likely you ran into an agency policy rather than a federal policy.
No it is literally determined by clearance level. It is mandated.
Yeah. My agency doesn't use clearance level to determine security requirements. It's likely your password manager policy is agency-specific.
are you trolling or do you not realize this is massive liability?
I think they believe getting their fingerprints and having a background check means they have a security clearance or something.
Health records for veterans don't require a security clearance to be managed. (Personnel records for active military only require a Secret level clearance) You'll wanna take it up with whoever manages security for the VA about the 'massive liability' involved.
https://www.va.gov/securityinvestigationscenter/frequently_asked_questions.asp#q006
Lol so you do not have a security clearance.
Got it.
FYI if you had a security clearance, posting that you have one in your personal Lemmy account would absolutely be grounds for it to be revoked.
This is how you get in my block list.
Yeah idk about that. I've worked in state govt for a very long time and our cybersecurity controls essentially mandates we use one. I'm also in our security audit team and have to talk to state offices about our NIST controls regularly. And the NIST DOD controls are even more stringent than ours. Something sounds off.
Okay so remember the one or two ones you need there (try a passphrase!)
For everything else - password manager.
Federal I had about 15 passwords. The State job I had about half that.
Yep.
I use pass phrases filtered through a mess of cyber chef.
I literally work for a state government and I use password managers for both work and personal.
EDIT: For clarity, the data is hosted on-prem. I don’t send govt credentials to the cloud like a moron.
I use modified “HorseBatteryStaple” style passwords. I have a couple base phrases that I always remember, with special characters and numbers inserted. I modify them bit by bit for different sites, and keep a list of the changes - only the changes. Anyone who looks at the list would see random words, numbers, or symbols without context; only I know how it all fits together.
For example, let’s pretend HorseBatteryStaple1! Is my default password. I may have “cell phone, machine 5” on the list. That would mean the password for my cell phone’s payment website modifies the default password by changing one of the words in HorseBatteryStaple to “machine” and the number 1 to 5.
I know password managers exist, but I like to try to remember my own passwords. Especially since I may need them across different devices, including my work laptop that I can’t download new programs onto.
Caution, reusing parts of your passwords like that significantly reduces the effective entropy.
If someone fin HorseBatteryStaple1! in a plaintext leak, then they only need to guess one word and one number to get you phone password (assuming they know your format or use a matching heuristic).
So using a combination of this comment and an existing leaked DB (trust me, your credentials have leaked somewhere at some point), all your accounts could be trivially cracked.
I basically use a childhood limerick in leetspeak. Easy to remember, tough to Crack. Like for example, Peter Piper pickedna peck of pickled peppers becomes "P3t3rP1p3rP1ck3d4P3ck0fP1ckl3dP3pp3rz!" Of course I never used that particular one, but you get the idea.
So you have the same password for everything? Which would mean a single password leak would compromise all of your accounts?
Brah
Because they seem to fall into two categories. Those that have been compromised
And those who haven't.... Yet
I function by only having 2 accounts I actually care about. Bank and e-mail. The rest get the same password over and over because I legitimately don't care about them and never give them real personal data.
A password manager would be the same amount of effort, but way more secure.
Those are hackable too through
I have passwords I don't care about, passwords I keep on the manager, and then important ones I enter manually every time
Don't ever use lastpass and the likes, when good open source ones exist.
Like Bitwarden.