DEV Community

Discussion on: Setting up a company's IT

Erebos Manannán

A password you can't remember is not a good password.

Most systems really shouldn't require a password from you. Passwords are an anti-pattern. No human being can generate unique strong passwords at the rate that is required for the modern world.

What you can do to help is use a way to help you deal with the hurdle in a secure manner, which also makes life more convenient for you.

You should have a strong master password for a password manager, and then use its tools to generate new unique strong passwords, and they can autofill your passwords later making them even more convenient than plain passwords can ever be, while clearly increasing your security.

Any other strategy depends on your limited capability to remember and generate passwords, which typically ends up with either just reusing passwords, or using something like mypassword-dev.to, both of which depend too strongly on every developer on the planet knowing (and caring) how to sensibly store passwords in their systems. Quite a lot of them still don't.

If even ONE site with your "clever" mypassword-dev.to variant (or even worse, just your reused mypassword) gets compromised, then ALL your accounts are potentially compromised. It depends a bit on your luck in terms of how good the developer was (did they use plain text, or plain MD5, or properly configured PBKDF2), and a bit on your password complexity.

Now, even if it's just an MD5, if you use a good long random password, it won't get cracked even with rainbow tables - collisions will be easier to generate, but ultimately quite pointless as it's random and you don't reuse it anywhere.

Anti-virus software should be dropped, except on Macs. Honestly, those things open more holes than they could ever close.

Seems like a rather weak argument. Since computers have security problems, we should stop using computers. Since there have been security problems in browsers, we should stop using browsers. Eh, I don't buy it.

They might open up new attack vectors for e.g. advanced persistent threats, but most people don't get targeted like that. Most people simply bump into malware the normal way (bad links, worms, ...), and these tools do an excellent job at protecting against those.

You're of course free to choose to apply whatever security strategy you wish.

I fail to understand why third-party tools based on the security failure Electron -- like Slack, Discord and so on -- have made it into the list of "internal communication tools". What is wrong with Jabber/XMPP and/or the IRC?

Frankly, quite a lot. There is a reason those tools are getting out of fashion and being replaced typically with Slack in the tech world.

With these tools I can:

  1. Search the history
  2. Use formatting
  3. Do calls, incl. video calls, screen sharing, and teleconferencing
  4. Attach files
  5. Get tons of productivity and convenience increasing integrations

If you don't trust their Electron clients, don't use them. They have web-based clients as well.
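An added Python example (mine, not code from the commenter or from this thread) of the storage choices the comment names and of the reuse problem it describes: unsalted MD5 yields the same hash for the same password on every site, salted PBKDF2 with a high iteration count does not, and a unique random password per site confines a breach to that one site. The function names and the per-site password table are my own constructions.

```python
import hashlib
import hmac
import secrets
import string
from typing import Dict, List, Optional

ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 24) -> str:
    """Random per-site password of the kind a password manager generates."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def store_plain_md5(password: str) -> str:
    """Weak storage: unsalted MD5. Equal passwords give equal hashes everywhere,
    so one leaked database reveals the same password's hash on every other site."""
    return hashlib.md5(password.encode()).hexdigest()


def store_pbkdf2(password: str, salt: Optional[bytes] = None,
                 iterations: int = 600_000) -> str:
    """Properly configured storage: random 16-byte salt plus iterated
    PBKDF2-HMAC-SHA256. Stored as 'iterations$salt_hex$hash_hex'."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${dk.hex()}"


def verify_pbkdf2(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


def reused_sites(site_passwords: Dict[str, str], leaked_site: str) -> List[str]:
    """Defender's view of blast radius: if the plaintext for `leaked_site` is
    exposed (plain text storage, or a cracked weak hash), which other accounts
    in the user's password table accept the same password?"""
    leaked = site_passwords[leaked_site]
    return sorted(site for site, pw in site_passwords.items()
                  if site != leaked_site and pw == leaked)


if __name__ == "__main__":
    # Constructed table: two sites share a human-chosen password, one is random.
    table = {"dev.to": "mypassword", "mail": "mypassword", "bank": generate_password()}
    print("accounts exposed by a dev.to breach:", reused_sites(table, "dev.to"))
```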