this post was submitted on 19 Mar 2025
34 points (100.0% liked)

BitWarden

Yeah, the level of effort required is extremely low, and it's really nice for things like sharing passwords with an SO for things where separate logins don't work.

So yeah, I use Bitwarden. I plan to self-host soon (vaultwarden), I'm just figuring out how password sharing works before I go and switch my SO's stuff over. But it's audited, FOSS, and generally the dev makes decent decisions (though I hate the new UX overhaul).

I self-host a bunch of stuff too. I am transitioning from Nextcloud to OwnCloud Infinite Scale now that posixfs is in experimental status (I only use file hosting from Nextcloud anyway). However, my password manager has been very far down the list for me, because the level of effort required exceeds the value I'd get from it, especially compared to other things I can set up.

The hard thing to teach people is that you don’t actually need to know those 50+ passwords, nor should you care what they are.

Exactly. Use literally any password manager that uses MFA, and set up MFA (Google Authenticator works, I personally use Aegis). I also recommend BitWarden, but there are several decent options available.

The most important thing for them to know is that passwords should be different between services, and you can and should automate that.