this post was submitted on 18 Sep 2023
78 points (89.0% liked)
Technology
59135 readers
2532 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Did they live through the same pandemic I did? Because I distinctly remembering that “simple” advice apparently being too confusing for a huge portion of the population.
The advice these days on computer security is simple too: Use a password manager and let it make a unique password for every site and don’t tell anyone your password.
Of course in the tech world we immediately have a lot of sites that make that impossible, frequently starting with the ones that should be the most secure, your banks and your phone.
Covid advice was simple, people understood it but many didn't comply because they didn't find it convenient. There were also covid-deniers, and people who significantly underestimated it. There were people who found corporate cyber security measures inconvenient too in the places I worked, but ignorance was I think always the more important reason.
I also think it isn't enough for the advice to be simple, it should be somewhat easy to apply. "Don't fall into phishing emails". Sure, but how? Then it lists a bunch of tricks and hints and people can rarely remember all, and apply while they go through tens of emails daily. I think this is the message from the article.
Advice against phishing emails can be reduced to, "1: Never click on a link, call a phone number, download an attachment, or follow instructions you found in an email unless you were already expecting this exact email from this exact sender. 2: If you really want to do those things, search up the organization's website directly and use the contact info they provide there instead."
imo it's the ad-hungry articles stretching everything into 10+ pages that's making advice so inaccessible to people. Super annoying because it dilutes the real, simple message that's already there, it's just locked behind an adwall.
It’s pretty amazing how many people still remember and reuse passwords for everything. I think it is still as simple as people haven’t heard of password managers or they’re just too overwhelmed with adding all of their passwords to a password manager and then changing them to something unique.
Password managers sound like putting all your eggs in one basket.
This is why security is complicated: It's all about trading risks. Are password managers secure? Yes, unless someone gets your database and can decrypt it. Is writing the password down secure? Yes, unless someone gets physical access to your system. Is memorizing your password secure? Yes, unless someone does some lead pipe decryption on your kneecaps.
For most people, a password manager is better than paper and memorizing.
If you work at a company that provides a password manager, then it's an easy choice for your work-related passwords. For personal stuff, though? There's nothing out there I feel comfortable recommending that isn't a pain in the ass.
Cloud services are mostly bullshit. LastPass got hacked hard earlier this year. OnePassword is no better. BitWarden is maybe better but self-hosting is obviously too high a bar and if you use their cloud service then you're still giving all your passwords to a third party.
And then if you actually want it to be convenient you need browser plugins. Nah.
Offline solutions like Keepass are great but then you need to find a way to manually sync them across devices. Pick your poison.