Nearly half of observed login attempts across websites protected by Cloudflare involved leaked credentials. The pervasive issue of password reuse is enabling automated bot attacks and account takeovers on a massive scale.
Yeah, the level of effort required is extremely low, and it’s really nice for things like sharing passwords with an SO for things where separate logins don’t work.
So yeah, I use Bitwarden. I plan to self-host soon (vaultwarden), I’m just figuring out how password sharing works before I go and switch my SO’s stuff over. But it’s audited, FOSS, and generally the dev makes decent decisions (though I hate the new UX overhaul).
I self-host a bunch of stuff too. I am transitioning from Nextcloud to OwnCloud Infinite Scale now that I posixfs is in experimental status (I only use file hosting from Nextcloud anyway). However, my password manager has been very far down the list for me, because the level of effort required exceeds the value I’d get from it, especially compared to other things I can set up.
The hard thing to teach people is that, you don’t actually need to know those 50+ passwords, nor should you care what they are.
Exactly. Use literally any password manager that uses MFA, and set up MFA (Google Authenticator works, I personally use Aegis). I also recommend BitWarden, but there are several decent options available.
The most important thing for them to know is that passwords should be different between services, and you can and should automate that.
Yeah, the level of effort required is extremely low, and it’s really nice for things like sharing passwords with an SO for things where separate logins don’t work.
So yeah, I use Bitwarden. I plan to self-host soon (vaultwarden), I’m just figuring out how password sharing works before I go and switch my SO’s stuff over. But it’s audited, FOSS, and generally the dev makes decent decisions (though I hate the new UX overhaul).
I self-host a bunch of stuff too. I am transitioning from Nextcloud to OwnCloud Infinite Scale now that I posixfs is in experimental status (I only use file hosting from Nextcloud anyway). However, my password manager has been very far down the list for me, because the level of effort required exceeds the value I’d get from it, especially compared to other things I can set up.
Exactly. Use literally any password manager that uses MFA, and set up MFA (Google Authenticator works, I personally use Aegis). I also recommend BitWarden, but there are several decent options available.
The most important thing for them to know is that passwords should be different between services, and you can and should automate that.