| 1 |
On 04/02/2019 07:47, Dale wrote: |
| 2 |
> How do you, especially those who admin systems that are always being |
| 3 |
> hacked at, generate strong passwords that meet the above? I've googled |
| 4 |
> and found some ideas but if I use the same method, well, how many others |
| 5 |
> are using that same method, if you know what I mean. ;-) Just looking |
| 6 |
> for ideas. |
| 7 |
|
| 8 |
I don't use a password manager. For website logins, I just use the |
| 9 |
password manager in the browser (Firefox), which does not use a master |
| 10 |
password :-P I just assume my own system is not going to be compromised. |
| 11 |
|
| 12 |
For the websites I use, I generate a unique password per site using this |
| 13 |
command: |
| 14 |
|
| 15 |
$ pwmake 128 |
| 16 |
|
| 17 |
This generates a password using 128 bits of entropy from /dev/urandom. |
| 18 |
You need dev-libs/libpwquality being installed (it's a dep of something |
| 19 |
important, I think, so should be installed on most systems already.) |
| 20 |
|
| 21 |
For remote systems I administer through SSH, I don't use passwords. I |
| 22 |
use a public/private key pair to log in (4096 bits.) My private key is |
| 23 |
protected with a strong password though, but it's easy to remember since |
| 24 |
it doesn't need to change. Something like: |
| 25 |
|
| 26 |
ilp&mac4d@4*r |
| 27 |
|
| 28 |
Which is short for: |
| 29 |
|
| 30 |
I like pizza and macaroni for dinner at four star restaurants. |
Archives