10
Switched from a password manager to a physical notebook and my accounts are safer now
I used Bitwarden for 2 years but after that LastPass breach I started thinking. My uncle got hacked through a cloud vault leak last March. Now I keep a small notebook locked in a fire safe with all my logins. Has anyone else gone analog and noticed fewer phishing attempts?
3 comments
Log in to join the discussion
Log In3 Comments
jenkins.reese21d ago
Whoa, hold on - your uncle got hacked through a cloud vault leak? That's rough, I'd be spooked too after that. I can see the appeal of keeping things offline after hearing stories like that, paper's definitely harder to remotely break into. But I'd still worry about losing that notebook in a move or a flood, you know?
8
A fire safe is only fire safe until someone forgets to lock it back up or leaves the key laying around. My cousin did the notebook thing for like three months, then his kid knocked it off the counter and the pages went everywhere. Plus you're one house fire away from losing everything, or one burglary where they grab the whole safe. At least with Bitwarden or any cloud vault, your data is encrypted and backed up in multiple places. Password managers also autofill on phishing sites and warn you, your notebook just sits there quietly while you type your credentials into a fake login page. The human error factor is way higher with paper, you're basically trusting your own memory and organization skills with everything.
4
alex30721d ago
Gotta push back a little on the phishing point though. Password managers are great and all, but they're not magic. If someone's already got malware on your device or you accidentally install a bad browser extension, a password manager can still get tricked into filling credentials on a fake site. I've seen it happen. The autofill feature only works right if the password manager correctly identifies the website domain, and phishers have gotten clever with lookalike URLs and HTTPS certificates. So while a notebook definitely won't warn you about phishing, it also can't be remotely hacked or targeted by phishing kits that specifically try to fool password managers.
9