strong password myth
|
Author | Content |
---|---|
mbaehrlxer Mar 30, 2012 4:36 AM EDT |
i think xkcd has a better idea for strong passwords: http://xkcd.com/936/ greetings, eMBee. |
JaseP Mar 30, 2012 8:50 AM EDT |
I love that particular cartoon. |
dinotrac Mar 30, 2012 12:54 PM EDT |
There is one good piece of advice in the piece: Long passwords. I like using whole sentences. Make life hard for attackers, easy for the poor folks who have to remember. All that other stuff is helpful -- numbers, symbols, etc, but.... ultimately, easy for people and hard for computers beats everything else. |
cr Mar 30, 2012 2:20 PM EDT |
I'll add one thing to Dino's advice: tabling. For critical servers, I use a sentence or slogan which is humorously reminiscent of the hostname (and, considering my humor, this means it usually means absolutely nothing to anyone else). After CamelCasing the word-edges and imposing case-variation and h@xx0r!ng, I set up the result in rows... NowIs TheTi meFor AllGo ..and read it out in columns. NTmA ohel weel IToG siro The result is not something that can be memorized, but it can be regenerated. Typically, this password is used for a connection which will move to key-based auth, so the password being cumbersome matters less. The original cleartext can be jotted down somewhere, maybe along with conversion hints (table geometry and caps-period) but it's not gonna be figured out, not even by somebody who's read this post. |
Khamul Mar 30, 2012 2:52 PM EDT |
Long passwords don't work, for one simple reason: most websites don't allow you to use passwords greater than a certain number of characters (frequently 12). They also require you to use symbols, numbers, etc., and of course the rules are different for every single website. The only solution is to keep all your passwords written on a piece of paper or saved in a text file, because there's no way in heck that anyone can remember ~50-100 different passwords. The password situation these days is a giant mess. |
jdixon Mar 30, 2012 4:01 PM EDT |
> The only solution is to keep all your passwords written on a piece of paper or saved in a text file, because there's no way in heck that anyone can remember ~50-100 different passwords. KeePassX or any of a number of other password handlers. You remember one password, they store the rest for you in an encrypted database. |
tracyanne Mar 30, 2012 6:37 PM EDT |
KDEWallet has worked for me for 10+ years, over various desktop Environments. |
Khamul Mar 30, 2012 7:10 PM EDT |
KDEwallet has never worked for me, mainly because it only works with KDE apps. Konqueror hasn't been a viable web browser in ages. Moreover, the bigger problem is that these solutions only work if you only use one computer. If you have several like me, it all falls apart. |
jdixon Mar 30, 2012 8:19 PM EDT |
> Moreover, the bigger problem is that these solutions only work if you only use one computer. If you have several like me, it all falls apart. Carry the encrypted database on a USB drive. |
tracyanne Mar 30, 2012 9:04 PM EDT |
@Khamul, ever heard of copy and paste. I've always used it that way, I've never used the integration, it makes you too dependent on a particular way of doing things |
Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]
Becoming a member of LXer is easy and free. Join Us!