bjourne 7 hours ago

Heard of haveibeenpwned? You'll end up there, eventually.

vikaveri 7 hours ago

If you end up, for some reason, being one of those unlucky individuals whose Google account gets banned and all your other accounts are behind Google login, then you truly have been owned.

zelphirkalt 7 hours ago

You mean when using "sign in with" and then using a shitty password for your social media account?

If you use e-mail and password with a good password manager that runs locally on your device and generates good random passwords, it is unlikely you will end up on haveibeenpwned, and even if one website does shit, the blast radius is only one account on one website.

bjourne 6 hours ago

You'll still have your e-mail address exposed, which you may not want if it is to some random porn site. Moreover, password managers do not work if you use multiple devices for log in, which most people actually do.

Sharparam 6 hours ago

I use my password manager across multiple devices daily.

Apparently it has not been working without me noticing it?

bravetraveler 4 hours ago

I assume they're thinking about the 'offline' style where one would shuffle a database file and probably resolve conflicts. There's an app/extensions nowadays, man!

I don't even bother with a VPN, just occasionally push a 'sync' button on the roaming devices [when they return to LAN]. DB transactions [new credentials] average ~0 per month... but there's plenty of capacity. Works extremely well.

quadruple 2 hours ago

The truth is that even with KeePassXC, I just really do not notice stale passwords across devices. It's just really not a huge deal for me personally. Maybe it is for normal people. I sync my databases maybe once a year if I'm lucky.

palata 2 hours ago

Same here. I use pass, and I just don't create/update passwords that often. And synchronising is very easy (it's a git repo).

bjourne 2 hours ago

... And how do you access the passwords that password manager manages?

palata 2 hours ago

With the "password manager" program? I have one on my desktop and one on my smartphone.

How do you expect to access the passwords that the password manager manages?

bjourne 20 minutes ago

... Can everyone in the world read our passwords or are they "protected" somehow?

throwaway063_1 2 hours ago

If you sign in with Google, the site knows your gmail address.

flexagoon 5 hours ago

Email aliasing is a thing

bravetraveler 7 hours ago

Risk Bob's Salad Shack leaking an inconsequential, unique, credential or bind everything to the whims and identity of a single organization; hmm.

Nextgrid 7 hours ago

Ending up on HaveIBeenPwned is only a problem if you reuse passwords.

bjourne 2 hours ago

Nope. It is a problem if you reuse email addresses.

palata 2 hours ago

Are you saying that you reuse the same password everywhere, but a different email address every time, and you feel confident that having your password leaked won't have repercussions?

I am genuinely confused. Sounds like holding a gun from the wrong end and feeling protected by it.

palata 2 hours ago

- Complains about age verification because it is "not private"

- Uses Google SSO to sign in everywhere

raincole 7 hours ago

Password manager.

Before inevitable "what if your password manager is hacked...," what if your google account is hacked / banned?

palata 2 hours ago

Agreed. Just wanted to add:

> Before inevitable "what if your password manager is hacked

My passwords are encrypted with a security key. I think it is more likely for my computer to get compromised than for my password manager to leak the passwords.

Admittedly, if I lose all the security keys at the same time, I lose all of my passwords.

63stack 6 hours ago

You don't even need a password manager, browsers autogenerate secure passwords for you, and they sync between computers/mobile devices.

(I'm saying this from the perspective of "regular people don't want to be inconvenienced like that", obviously you should use an external password manager for security)

danelski 7 hours ago

Sign-on with the external identity provider doesn't help if data related to your account like the billing information, your government ID info etc. are released in the breach, that's the sore point.

wraptile 7 hours ago

People will know that my password was y!2TvM8h3dpvw4 for one particular website at some point. What do I lose here? Google/Apple incurs much greater risk that is entirely out of your control.