Comment by 14u2c

1 day ago

>Agreed, but I think using the same device to access your password manager and for dev is asking for trouble in the first place.

That seems somewhat unrealistic? There are many passwords you need to use as part of dev work.

One could perhaps put those in a different vault. Sounds like a pain to me. But nothing compared to an email and/or banking compromise.

  • It becomes tricky when all your passwords are randomly generated, 24 characters long, full of symbols, special characters, casing variations, etc. All of mine are an absolute nightmare to type manually.

    I suppose that becomes a pretty strong argument for passphrases + MFA, because passphrases are much easier to type in manually. But the problem there is lots of services still have stupid/arbitrary maximum password length restrictions that make it difficult or impossible to use a sufficiently complex passphrase.

    It’s very frustrating.

    • You can generate "pronounceable" passwords in some tools.

      1PW just generated this for me: mimp-rort-jan-mon-kain-sqin

      Not as much entropy as 24 random letters/digits/punctuation/capitalisation. But (for me at least) much easier to read and type in situations where copy/paste isn't available (like from my phone to my dev docker containers).
