• @Bytemeister
    link
    Ελληνικά
    -15 months ago

    For absolutely best security, you would change your password to a new, extremely long, randomly generated character string every time you logged in. What the best security options are, and what users are willing/able to put up with has a very small, if any overlap.

    As for writing them down, my advice is to obfuscate them. Apply your own secret code to the password, hide it in a poem, get creative. Once an attacker is at your desk, they pretty much own your shit. At that level, the only thing your password is providing is privacy, not security.

    • my_hat_stinks
      link
      fedilink
      75 months ago

      Your security is only as good as the weakest link, which is usually people. If your password policy encourages users to stick a note to their screen then your weakest link is anyone in the office deciding to take a selfie or joining a call with their camera on. Best practices balance security with what users are actually willing to do.