/g/ - Technology
File: E3iR2GYWUAcFvw3.jpg (58 KB, 677x677)
What is the /g/ consensus on password managers? How much safer are they to use than using a handful of "smart" passwords for everything?
>>
consensus implies it's up to discussion, with a common agreement. It's not. There is a correct scheme for your passwords and it's a local password manager with different passwords for everything. It doesn't matter which one, only that you do not ruin its purpose by hosting it in some cloud or using the same passwords for everything anyway. Every week there's leaks and anyone whose passwords are in one made an active choice to put it there. The idea of a "smart" password makes me shiver as to what kind of retarded patterns you put in your passwords, given that you want your password to be as dumb/random as possible.
>>
>>107690358
I'm asking how much safer it is exactly and is it worth it for the pleb class. Me personally, I change my passwords regularly and craft them from lines of Middle English poetry.
>>
>>107690401
>I'm asking how much safer it is exactly
>craft them
>from lines of middle english poetry
It's shit like this that has you replying just in case he's not baiting.
Anon, stop trying to rationalize your profoundly retarded password system. Use a password manager. The "pleb class" will just use one in the cloud, but at least that's only one system that has to stay secure rather than a hundred.
>>
>>107690401
It does two things:
defends against credential stuffing attacks, which is how 90% of people get fucked over (e.g. I get your Amazon password, which now means I try it on your email, bank, etc. and pwn everything at once)

defends against word list or rainbow table brute force attacks because you randomly generate ultra long incoherent passwords

The result is that when hashes get leaked they’re a pain in the ass for someone to reverse, and should they succeed the impact is limited because your passwords are different for every service

If you’re using the same passwords for everything you’re doing it wrong regardless of how complicated they are or how frequently they’re changed
If you’re using a cloud based pw manager you’re doing it wrong because it provides a single silver bullet to attackers for every service you have

Stop making your own passwords and use an offline manager anon, just make sure you back up the database using the 3-2-1 rule
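An added illustration of the two points above (generate incoherent passwords from a CSPRNG, and keep them unique so one leak cannot be replayed elsewhere); this is example code written for this page, not anything a poster or a password manager ships. The vaults are constructed samples, and the entropy formula generalizes from characters to diceware-style word lists.

```python
import math
import secrets
import string

# Character alphabet for generated passwords: 26 + 26 + 10 + 32 = 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed toy word list standing in for a real diceware list (which has 7776 words).
WORDS = ["anvil", "brook", "cider", "delta", "ember", "flint", "gable", "hazel"]


def random_password(length=32, alphabet=ALPHABET):
    """Ultra-long incoherent password drawn uniformly with the `secrets` CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def passphrase(words=6, wordlist=WORDS):
    """Diceware-style passphrase: each word is an independent uniform pick."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))


def entropy_bits(symbols, alphabet_size):
    """Entropy of a uniformly random string: symbols * log2(alphabet size).
    Works for characters over ALPHABET and for words over a diceware list."""
    return symbols * math.log2(alphabet_size)


def credential_stuffing_exposure(vault, leaked_service):
    """vault is {service: password}. Return the other services an attacker
    could log into by replaying the password leaked from leaked_service."""
    leaked = vault[leaked_service]
    return sorted(s for s, p in vault.items() if s != leaked_service and p == leaked)


# Constructed sample vaults (placeholder secrets, not real credentials).
REUSED_VAULT = {"amazon": "same-everywhere", "email": "same-everywhere", "bank": "same-everywhere"}
UNIQUE_VAULT = {svc: random_password() for svc in ("amazon", "email", "bank")}

if __name__ == "__main__":
    print(random_password(), f"~{entropy_bits(32, len(ALPHABET)):.0f} bits")
    print(passphrase(), f"~{entropy_bits(6, len(WORDS)):.0f} bits (toy list)")
    print("reused vault, amazon leaked:", credential_stuffing_exposure(REUSED_VAULT, "amazon"))
    print("unique vault, amazon leaked:", credential_stuffing_exposure(UNIQUE_VAULT, "amazon"))
```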
>>
>password manager
Save them as randomly named text files across the filesystem with zero context whatsoever, name the files things like cunt, ass, random etc. and only commit which file is which to memory. Which file goes to which website, you store that in your head.

100% going to assblast anyone who hacks you, you don't want shit organized, you want it a fucking mess, but do encrypt it with LUKS at least.
>>
>>107690507
isn't it a headache to have to open up a text file some place each time you wanna log into something
>>
My password manager is an unsaved document in sublime text
>>
>>107690507
Shitty advice
>save them as text files
If the files aren't encrypted they're vulnerable to a remote attacker; access logs will save attackers the time of figuring out where to look, defeating the purpose of putting them everywhere / naming them randomly; the remote attacker is now armed with a 1 in 8 or so chance to crack your shit, depending on how many of these text files you make
>encrypt with LUKS
this will protect the data at rest from physical access attacks only, every pw manager already encrypts the local database so you literally can’t fuck it up


Offline password manager is the correct solution because the file is encrypted meaning a remote attacker might be able to get it but won’t be able to open it up, and if your FDE is implemented poorly or bypassed somehow the database is still encrypted because it just is

Also, you don’t have to dick around in your file system looking for some random text file that doesn’t even enhance your security

Quit larping as a schizo and actually read a computer security book so you can be a real schizo anon
>>
>>107690317
I selfhost vaultwarden and it's pretty great. Can generate passwords for shit, don't have to think about anything else.
>>
Linux has pass and that is all you need
>>
The only password managers that are any good are the ones fully under your control.
>>
>>107690654
Also, even from a pure usability viewpoint. Literally no one is able to remember where they stored the randomly named file for services they use twice a year. My password manager has almost 300 entries, most of which I use maybe a couple of times a year.
>>
tl;dr: if it's local and not synced to Da Cloud™ you are probably fine. Using a well-generated password every time is always good opsec, even if you are storing the passwords in some storage scheme that could be cracked.

Also learn to use a tool like age or gnupg because then you can store sensitive stuff more complex than passwords.
>>
>>107690317
>of "smart" passwords for everything?
Yeah see >>107690468 your giga-ultra-secure password doesn't matter when half of websites store passwords in plaintext because they were slapped together in an afternoon or vibe-coded. As such, multiple unique strong passwords stored offline and encrypted at rest is ideal.
>>
>>107690654
Using a password manager will not save you if your computer is compromised
It centralizes all the data in a here:thing type way, if PC owned = fucked
Goal is to be "what a clusterfuck, fuck this" for anyone who does get into the system

There is no better solution to passwords than either doing what I said or doing diceware and keeping it on pen and paper. For crypto specifically, I recommend a Trezor that stays disconnected from any networked computer.
>>
Option 1:
>write down the passwords (safe against digital attacks)
>leave a part of the password away (if your passwords get stolen, you have time to change them)

Option 2:
>Use Keepass (locally stored password manager, allowing you to make very diverse passwords)
>use a keyfile in addition to your password (so it's harder to steal by keyloggers)
>>
>>107690809
>Option 1
So I would make the password something like B00B13S
Then leave out the prefix B1G
>>
>>107690317
the fact that this thread even exists here proves that no one on /g/ knows a single thing about cyber security
>>
>>107690358
>hosting it in some cloud
so no syncing of passwords ?