All spiders (and tarantulas) are venomous.

Whether or not the venom is medically significant to humans… That varies by species.

All scriptures, equal space for each scripture, same font (not necessarily same size) same colors.

Also need to leave some space for new religions/scriptures. It’s only fair.

Ghoul in the streets, feral in the sheets.

Left the market a few years ago. Sorry bud. I wanted to get the Wing, but grabbed a OnePlus 9 Pro instead. No regrets.

No. That’s (almost) all Samsung devices. They make decent screens and camera sensors though…

Yep. Biggest disappointment about the 2008 crisis was that all the people who caused it were able to go back to work and start doing it all over again

I say, if you crash the global economy, you ought to be relegated to fast food service for the rest of your life.

Screw that, turn off the oxygen if it isn’t their turn.

A second password would not be 2FA, it would just be two passwords.

2 Factor refers to 2 different ways of proving your identity. Something you know (your password) and something you have (your phone). You can also get dedicated 2FA devices, they look like a little USB drive with a screen, but honestly, they are more of a pain to deal with than your phone, and most 2FA systems do not have support for all the different brands and devices.

Identity is a construct, and it absolutely can be stolen.

No 2FA on an account these days is like having a fucking bead curtain for a front door.

Kickback congress for 1% of those fees.

Personally, I’d prefer a monthly fine for unfilled housing, that is based on the rate you are charging for it. Landlord wants to jack your rent up 20%? If you leave, they pay a fine, based on that amount until they fill the unit. The fines go to subsidizing housing costs, so there is a self-balancing system. Right now, with property values increasing at insane rates, owners don’t really need to rent to break even, which leaves them free to price gouge their tenants. There is little pressure pushing rates back down, and there is all the freedom in the world to jack them up as high as you want.

Courts should find insurance companies liable for billing mistakes that you have to spend your time and resources to correct. Compensation should be 100 dollars a minute.

I can’t really endorse any one over the others. We use LastPass at my workplace, but they were compromised recently. I didn’t use the service though, still reset my passwords just in case.

I would look for a manager that has a policy of transparency. Breaches happen, they are a fact of life. Both the systems being used, and the people using them are not infallible. I would be more comfortable with a service that notified me immediately when they were breached, and provided easy resolution. When LastPass was breached, they were extremely open about it, and notified their users. Plus, if you use a PW manager, it’s pretty easy to go back in all your services and update the passwords, since you have a list of them and a random PW generator easily accessible. It probably took most people less than an hour to recover.

Not bad, but I could see that creating passwords that are too long for some systems, and it would be vulnerable to dictionary attacks. Also, what would you do when the site requires a password reset?

Maybe do your strat, but only do every other, or every 3rd letter as a short word, and use a Caesar cipher, incrementing the cipher once each time you have to reset? Sounds kinda fun, but I don’t think most sane people would do that… Open to ideas though.

Until the password manager gets compromised, or you lose access to your PW manager. In that case, you’ll really wish you had implemented “Zone 3” of my plan.

For absolutely best security, you would change your password to a new, extremely long, randomly generated character string every time you logged in. What the best security options are, and what users are willing/able to put up with has a very small, if any overlap.

As for writing them down, my advice is to obfuscate them. Apply your own secret code to the password, hide it in a poem, get creative. Once an attacker is at your desk, they pretty much own your shit. At that level, the only thing your password is providing is privacy, not security.

As long as your phone is secure, and the manager only stores data locally, I’d say yes. I would still encourage you to have any “reset capable” accounts secured with a strong password and 2FA that is not in your PW manager.

As with all things IT, there is a tradeoff between comfort/usability and security.

Shitty sites that store PWs in plain text, or they get compromised and the password is figured out from the hash. Probably the most common way right now is phishing, and with AI/LLM it’s pretty easy to do spearphishing attacks on a large scale. The target enters their password on a seemingly legit site, but it’s actually an attacker’s site that logs the PW. There are lots of ways to get a password, and password-only authentication is considered pretty weak, even with a “strong” password.

IT, more specifically user support.

Let’s talk passwords. You should have a different password for every site and service, over 16 character long, without any words, or common misspellings, using capital, lowercase, number and special characters throughout. MyPassword1! is terrible. Q#$bnks)lPoVzz7e? is better. Good luck remembering them all, also change them all every 30 days, so here are my secrets.

1: write your password down somewhere, and obfuscate it. If an attacker has physical access to your desk, your password probably isn’t going to help much. 2: We honestly don’t expect you to follow those passwords rules. I suggest breaking your passwords down into 3 security zones. First zone, bullshit accounts. Go ahead and share this one. Use it for everything that does not have access to your money or PII (Personally Identifiable Information). Second zone, secure accounts, use this password for your money and PII accounts, only use it on trusted sites.Third, reset accounts. Any account that can reset and unlock your other accounts should have a very strong and unique password, and 2FA.

Big industry secret, your passwords can get scraped pretty easily today, 2FA is the barest level of actual security you can get. Set it up. I know it’s a pain, but it’s really all we’ve got right now.