Another way to never remember passwords...

prime
prime
Community Member
in Lounge

Who needs to remember passwords OR use a password manager. I can't believe people do this...

https://www.techworm.net/2016/07/password-hack-dont-bother-remember-passwords-use-simple-trick-instead.html

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    :scream:

    Before even reading it, my first thought was, "Simple trick? That sounds like it's going to be simpler for an attacker too..."

    But I was wrong. This is way weirder than I expected. Admittedly, it's still a better idea than password reuse or weak passwords you can remember, but it isn't really a solution because you have to jump through so many hoops. Anything important will just lock you out after repeated "password reset" requests, many sites will email you a new password, and email is a pretty weak link in general. Also, getting so many "password reset" emails in my inbox would make me more likely to fall for one of the phishing scams I see regularly but ignore. Maybe that's just me.

    I think on its face, this might seem to someone the same as using a password manager. After all, you're choosing a single strong (hopefully) password to protect your email account in this case. But your email account isn't secured to the extent that 1Password is, and you'll be using a weaker password there so that you can remember and type it in order to get to all these password rest emails. You could do worse of course, but it just isn't necessary to do any of this. There's an app for that. ;)

  • prime
    prime
    Community Member
    edited March 2017

    I couldn't agree with you more @brenty. I saw this and I figured you guys would get a kick out of this. This is a waste of time going this route, and I "ain't got time for that!" :p (Not sure if you ever seen that meme where that saying came from)

  • AGAlumB
    AGAlumB
    1Password Alumni

    @prime: It certainly does seem like it would be time-consuming! :lol:

    I don't think I know the meme you're referring to, but as long as it's "safe for work" send it my way. :tongue:

  • wkleem
    wkleem
    Community Member

    Funny, but I am having an issue authenticating Dropbox as I had set up 2FA and because I needed to access the 1Password AgileKeychain there, I am locked out of 1Password iOS currently. Dropbox 2FA needs to verify the 2FA with a password that is inaccessible!

  • AGAlumB
    AGAlumB
    1Password Alumni

    @wkleem: Really? Do you have access to 1Password on another one of your devices to get your Dropbox TOTP code? :dizzy:

  • wkleem
    wkleem
    Community Member
    edited April 2017

    Hi Brent,

    I only set up iPhone for 2FA using Duo. I never got around set up other devices. In Dropbox, if you e.g. Set up 2FA like I did but somehow, the recovery codes were invalidated, it won't let you back in.

    I did forget password routine. It is either Phone number or Authenticator. I chose Authenticator. This is on my PC.

    Here are the instructions:

    https://dropbox.com/en/help/364

  • pervel
    pervel
    Community Member

    I'm not a fan. I generally go by the rule that if you use a system against its intentions, you should not be surprised if it has unintended consequences.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Ack. Yeah, I even added my iPad and two extra phone numbers to Duo because I'm paranoid about locking myself out of something... :scream:

This discussion has been closed.