A paper password manager is still better than no password manager. A piece of paper could be secure enough: it’s offline and you can read passwords only with physical access to it. It’s not that bad.
The issue is that it’s very easy to just pickpocket it, and then you get access to everything.
It is likely overall better than reusing the same password, but I don’t recommend it.
NIST recommends against forced password rotation: https://www.isaca.org/resources/isaca-journal/issues/2019/volume-1/nists-new-password-rule-book-updated-guidelines-offer-benefits-and-risk
It’s bizarre how despite these recommendations I’ve had multiple workplaces that change passwords monthly. Add stringent complexity requirements, and you get sticky notes everywhere with full logon details.
A sign-in button would be about the same level of security.
Take the sign-in button and put it on the user’s phone that requires biometrics/PIN and you’ve probably got a pretty darn secure system.
Risk management > blind security rules. The latter is security theatre.
UFA? But then again only usable for few sites compared to thousands of OTP client passes