this post was submitted on 10 Apr 2026
35 points (88.9% liked)

Ask Lemmy

39046 readers
1731 users here now

A Fediverse community for open-ended, thought provoking questions

Rules: (interactive)

1) Be nice and; have funDoxxing, trolling, sealioning, racism, toxicity and dog-whistling are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them

2) All posts must end with a '?'This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?

3) No spamPlease do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.

4) NSFW is okay, within reasonJust remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either !asklemmyafterdark@lemmy.world or !asklemmynsfw@lemmynsfw.com. NSFW comments should be restricted to posts tagged [NSFW].

5) This is not a support community.
It is not a place for 'how do I?', type questions. If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email info@lemmy.world. For other questions check our partnered communities list, or use the search function.

6) No US Politics.
Please don't post about current US Politics. If you need to do this, try !politicaldiscussion@lemmy.world or !askusa@discuss.online

Reminder: The terms of service apply here too.

Partnered Communities:

Tech Support

No Stupid Questions

You Should Know

Reddit

Jokes

Ask Ouija

Logo design credit goes to: tubbadu

founded 2 years ago
MODERATORS
Bluetreefrog@lemmy.world
TheSaneWriter@lemm.ee
Asudox@lemmy.world
lemmy_bot@lemmy.world
beefbaby182@lemmy.world
ModeratorCan@lemmy.world
neidu3@sh.itjust.works
asudox@lemmy.asudox.dev
candyman337@lemmy.world
candyman337@sh.itjust.works
35
Okay if you use a password manager, don't you still have to remember your phone lockscreen and also computer passwords? How do you make this password thing as simple as possible? (sh.itjust.works)
submitted 1 day ago* (last edited 1 day ago) by DeathByBigSad@sh.itjust.works to c/asklemmy@lemmy.world
49 comments fedilink hide all child comments
 

Okay.

See here's the thing:

You have to remember:

  1. BIOS password (you're supposed to set one, right? I mean... so your that sibling/roomate/kids/family doesnt mess around and replace your OS with a malicious OS)
  2. Full Disk Encryption password and then finally
  3. The user password

Like that kinds breaks my brain

Do y'all just put those in your password manager... then only have to remember

  1. Master Password to password vault and
  2. Phone lockscreen

Is this the "Standard Operating Procedure"?

But if you are paranoid and set a full alphanumeric password/passphrase... then you have to remember two differen passphrases...

Or couldn't you just simplify it to like just ONE, like:

Can you have the same password for Phone Lockscreen as the Password Vault Master Password?

So that you Only ever need to remember exactly ONE password

Is this a good idea?

My head hurts from this...

Idk how to do this...

I wanna simplify my digital stuff... my stuff is so disorganized...

you are viewing a single comment's thread
view the rest of the comments
[–] njordomir@lemmy.world 4 points 1 day ago (3 children)

At a job I hated, they made us change passwords often. It was quite irritating. I also think it was counterproductive because something like fuckcorporate!666 is likely more susceptible to a dictionary attack than a carefully chosen password rotated less frequently.

[–] bluGill@fedia.io 5 points 1 day ago

Rotating passwords are less secure pecause people chorse a short password and then append an incrimenting number. Thus if it leaks for any reason the attacker knows them all.

If you only force rotation after a known breach (that you admit to) people choose a new - good - pasword. Make sure the source of the breach is fixed though or people will give up when it happens too often

[–] baggachipz@sh.itjust.works 4 points 1 day ago (2 children)

At my job now, we have to change our password so often with such onerous requirements (16 char, alphanumeric, at least one upper case, at least one lower case, at least one symbol, no repeating characters) that I have to store my work password in my personal password manager with much more lax requirements. What the fuck kind of security is that?

[–] woodytrombone@lemmy.dbzer0.com 3 points 1 day ago (1 children)

If you have any voice with your Security department, you can tell them that rotating passwords are counter to NIST SP 800-63B (Section 10.2.1) guidance:

Do not require that memorized secrets be changed arbitrarily (e.g., periodically) unless there is a user request or evidence of authenticator compromise.

[–] baggachipz@sh.itjust.works 2 points 1 day ago (1 children)

Oh I’ve done exactly that. He (security chief) insists it’s required for SOC2 compliance, an assertion I’m leery of.

[–] woodytrombone@lemmy.dbzer0.com 1 points 1 day ago

Yep, that's dumb. SOC2 is built upon NIST guidance, not the other way around.

[–] MufinMcFlufin@lemmy.world 2 points 1 day ago

Security theater in action.

[–] RodgeGrabTheCat@sh.itjust.works 1 points 1 day ago (1 children)

I bet half your co-workers have a post-it stuck to their monitor.

[–] njordomir@lemmy.world 2 points 1 day ago

Almost certainly some of them. I enjoyed hearing that insults and trash talk are still the norm for corporate passwords you have to remember! :D