1 |
On Tue, Feb 5, 2019 at 3:39 AM Jack <ostroffjh@×××××××××××××××××.net> wrote: |
2 |
> The problem I have with many of these suggestions is that I have |
3 |
> multiple devices (two desktops, two laptops, tablet, android phone) I |
4 |
> use sufficiently often that I either need to be able to remember the |
5 |
> passwords or have some way of easily accessing them when I'm not |
6 |
> sitting at my main desktop. Other than using a password manager (which |
7 |
> I do not currently have) how to others deal with this? |
8 |
> |
9 |
> Jack |
10 |
|
11 |
Haven't posted here in a long while. I personally do not trust password managers |
12 |
for (1) the same reason you gave above and (2) typically the way around it is |
13 |
they store your passwords in the cloud which is all sorts of facepalm from a |
14 |
security perspective. |
15 |
|
16 |
My own solution is actually very simple. I have a "secret algorithm" that |
17 |
incorporates several secrets with a predictable way to generate a site-specific |
18 |
secret. The end result is a 100% predictable way to generate unique passwords |
19 |
for every site that are cryptographically secure from each other (you |
20 |
cannot derive |
21 |
one from the other) which can be generated by any device using the appropriate |
22 |
tools. There is also a protocol for password shifting in case any |
23 |
single password |
24 |
is revealed. |
25 |
|
26 |
The long and short of it is that you can combine secure passwords with hashing |
27 |
techniques, site-specific data, and truncation / peppering in a |
28 |
predetermined way |
29 |
that is easy for you to remember but guarantees that the original secret data is |
30 |
irrecoverable. Then all you need is the hashing program on, say, your phone, |
31 |
and you will always be able to generate the site-specific password when needed. |
32 |
In effect the algorithm is your secret, the site-specific password is |
33 |
just a side |
34 |
effect of that secret. |
35 |
-- |
36 |
This email is: [ ] actionable [x] fyi [x] social |
37 |
Response needed: [ ] yes [x] up to you [ ] no |
38 |
Time-sensitive: [ ] immediate [ ] soon [x] none |