1 |
On 2019.02.04 06:10, Nikos Chantziaras wrote: |
2 |
> On 04/02/2019 07:47, Dale wrote: |
3 |
>> How do you, especially those who admin systems that are always being |
4 |
>> hacked at, generate strong passwords that meet the above? I've |
5 |
>> googled |
6 |
>> and found some ideas but if I use the same method, well, how many |
7 |
>> others |
8 |
>> are using that same method, if you know what I mean. ;-) Just |
9 |
>> looking |
10 |
>> for ideas. |
11 |
> |
12 |
> I don't use a password manager. For website logins, I just use the |
13 |
> password manager in the browser (Firefox), which does not use a |
14 |
> master password :-P I just assume my own system is not going to be |
15 |
> compromised. |
16 |
> |
17 |
> For the websites I use, I generate a unique password per site using |
18 |
> this command: |
19 |
> |
20 |
> $ pwmake 128 |
21 |
> |
22 |
> This generates a password using 128 bits of entropy from |
23 |
> /dev/urandom. You need dev-libs/libpwquality being installed (it's a |
24 |
> dep of something important, I think, so should be installed on most |
25 |
> systems already.) |
26 |
> |
27 |
> For remote systems I administer through SSH, I don't use passwords. I |
28 |
> use a public/private key pair to log in (4096 bits.) My private key |
29 |
> is protected with a strong password though, but it's easy to remember |
30 |
> since it doesn't need to change. Something like: |
31 |
> |
32 |
> ilp&mac4d@4*r |
33 |
> |
34 |
> Which is short for: |
35 |
> |
36 |
> I like pizza and macaroni for dinner at four star restaurants. |
37 |
The problem I have with many of these suggestions is that I have |
38 |
multiple devices (two desktops, two laptops, tablet, android phone) I |
39 |
use sufficiently often that I either need to be able to remember the |
40 |
passwords or have some way of easily accessing them when I'm not |
41 |
sitting at my main desktop. Other than using a password manager (which |
42 |
I do not currently have) how to others deal with this? |
43 |
|
44 |
Jack |