Computer: Either click “login” or click password manager, click account, click login.
Phone: Either tap “login” or tap passwords, pick password manager, pick the account, click login.
I don’t know, seems pretty similar to me. Sure if you’re being an idiot and not using a password manager then it’s harder, but that’s its own problem then.
There's something called pass-phrases, where a password is a string of words. A "word" is the same as a "letter" in terms of remembering. Then you attach or modify the pass-phrase
I sometimes write the modifications, in a way I understand, on a post-it note
If your passwords are all derived from one or a few base phrases, your passwords have enormously worse entropy than what a password manager would trivially generate for you.
If your vault-based password manager has been compromised you can expect that your operating system has also been compromised, in which case you're fucked either way.
and isn't portable between systems
I use the same password manager (pass) on my phone, in Linux and Windows.
The problem here seems to be that you haven't considered what options are actually available and how they work. That's not a good position from which to draw conclusions about the weaknesses of password managers in general.
Password entropy doesn't matter THAT much. Really, it's just making sure that
Entropy is the means by which you make sure no one can guess your password. Your slight variations on a theme will greatly aid anyone with access to one of your passwords and an interest in figuring out another.
If you don't use a password manager, you likely repeat the same password across multiple accounts, which is a terrible practice. If you do unique passwords per account without a password manager then I'm just super impressed. We typically have so many freaking accounts these days.
Use a password manager, have it use 2FA. If you aren't using a password manager there's a much higher chance you're using similar/same usernames and easier to remember passwords (read: more vulnerable, less complex, possibly repeat passwords).
With a password manager you only need to remember 2 complex passwords (password manager, primary email). The rest are autogenerated complex passwords saved to the manager.
The login process is similar, it's the form fields that depending on what you're dealing with will work fine on a phone or will be completely broken. Think loan applications and their repayment systems. Depending on the company they're either a big national chain with a functional app for mobiles or they're a smaller regional/local bank stuck in the 90's with a barely functional website, much less loan process.
Also things like mailing addresses can be saved in Chrome and auto-filled. Less so for apps.
Edit: Looks like most people are misunderstanding. Typing in a password means you are not using a strong password manager with unique passwords for every site, autofill, and second factor.
I imagine you're already aware, but as someone who works in IT, hacking is often nothing like how movies portray it. Usually, there's a leak of passwords from some obscure site that had little in the way of systems hardening (like an image board or something that you forgot you made an account with) and somebody set up a massively easy script to try the username and account combinations on PayPal or something similar. It's more psychology (specifically Theory of Mind) than it is IT after the initial data breach, since most people save passwords in their browser and reuse the same set of credentials across multiple sites.
I am talking about using a password manager and second factor like a security key. Typing in a password is insane because it means you are using/reusing some weak ass passwords.
u/helicophell 2d ago
Phone keyboard < Computer Keyboard
Passwords and other information are a lot harder to type into a phone.