Amolith on Nostr: npub1q5l4y…7ywp3 > The only password that needs memorizing is the password manager. ...
npub1q5l4y898qvhzghc665jrqj6kcw4p89gha56azkt7j0jm9299wzcqt7ywp3 (npub1q5l…ywp3)
> The only password that needs memorizing is the password manager. All others should be auto-typed.
You also need to decrypt the disk if you're using FDE, log into the machine, then decrypt your password manager. Those are three passwords that should be memorised and can't be auto-typed.
> they should never be typed in the first place let alone memorized
I disagree on both counts.
Memorising a password is perfectly fine and even desirable in some situations. However infeasible, password managers can be cracked. Unless you're tortured or drugged, odds are good that your brain can't be.
Manually typing passwords is 100% necessary when you're logging into many machines often, like we have to do because we set machines up for internal use and for clients. It's also necessary when logging into things on machines that don't have an installed password manager.
> All others should be auto-typed. Do not use clipboards either.
I wish these were feasible, but they're not. Bitwarden is the password manager I always recommend because it's open source, the cryptography is very strong, and the free tier is perfectly sufficient for the vast majority of people. Their desktop app is Electron 🤮 and doesn't support any form of auto-type and likely never will because Electron 🤮. Many other password managers are exactly the same. The only one I know of that has auto-type off the top of my head is KeePassXC, and shell scripts that use xdotool/ydotool with pass or gopass or one of the other implementations.
Manually typing passwords is only a problem if there's a physical keylogger between your keyboard and the password field. If it's a software-based keylogger, auto-type from your password manager is exactly the same as manually typing them. I agree that it's always best to avoid using a clipboard, but imo that's just not a feasible mandate in the real world.