Gentoo Archives: gentoo-user

From: Dale <rdalek1967@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Coming up with a password that is very strong.
Date: Tue, 05 Feb 2019 06:42:42
Message-Id: 1d42622d-ab7c-5673-3f8e-4bc52ddfcfc2@gmail.com
In Reply to: Re: [gentoo-user] Coming up with a password that is very strong. by Tanstaafl
1 Tanstaafl wrote:
2 > On 2/4/2019, 12:47:35 AM, Dale <rdalek1967@×××××.com> wrote:
3 >> Thing is, with today's computing power, it really isn't anymore.
4 >> While no one could just guess it, it could be cracked/hacked I'm
5 >> sure. I need to come up with a new one that meets the requirements I
6 >> just mentioned. Strong, easy to remember, easy to type but won't
7 >> forget. I've read that using maiden names, years of birth or whole
8 >> dates of birth, actual names, pet's name, words in a dictionary and a
9 >> whole list of other things makes it easier, especially if you post a
10 >> lot on social media, for hackers to use against you. I'm trying to
11 >> avoid that sort of thing obviously and have a couple ideas but am
12 >> curious as to what method others use, without exposing to much
13 >> detail since this is public.
14 > I've been using a little Firefox Addon called Passwordmaker for many,
15 > many years, and despite all of its warts, I've been loathe to give it
16 > up, even though it will never be upgraded to work as a WebExtension.
17 >
18 > 2 things I loved about it -
19 >
20 > a) it doesn't save the password locally, only info about the
21 > site/account, and
22 > b) you can use an unlimited number of Master Passwords
23 >
24 > I'm looking at migrating to KeePassXC, and even though I really hate the
25 > idea of saving the actual password - Passwordmaker simply generates the
26 > password on the fly each time based on certain specified criteria (ie,
27 > the site URL, username, password length, etc for each account - one
28 > technique I adopted shortly after assisting in updating the
29 > Passwordmaker website eases my mind about it...
30 >
31 > This is a simple technique I strongly recommend that everyone employ,
32 > especially if you use a Password manager (like LastPass or KeePass)...
33 >
34 > It is uncrackable (well, as long as it isn't the CIA or NSA that wants
35 > to crack it and they are willing to kidnap/torture you to do so).
36 >
37 > You sit down and come up with a ... call it a 'password modification
38 > protocol' ... whereby, you always modify your generated/stored password
39 > in a specific way before pressing enter.
40 >
41 > For example, you delete characters 3, 5 and 7, then add 2 characters to
42 > the beginning and 2 to the end.
43 >
44 > It is very simple, and negates worrying about someone stealing your
45 > password vault.
46 >
47 >
48
49
50 I tried to find it just to see how it works but it isn't listed.  From
51 what you wrote, you may want to at least check into LastPass.  Link
52 below.  It may do what you currently use and some.  I only use the free
53 version and it does more than I need already.  I think if I get a smart
54 phone, I'd have to pay a small monthly fee.  Still, I'm sure there is a
55 tool that will suite your needs.  There are a lot of them out there. 
56 Typing password in the add-on search box produces a LOT of results. 
57 Just find a good one and let it work for you. 
58
59 https://www.lastpass.com/
60
61 I'm not sure I understand what you mean password modification protocol. 
62 It sounds like you change your master password each time you use it.  If
63 I did that, I'd never know which one to use because that would confuse
64 me.  I don't write passwords down, period.  I went to the local nursing
65 home the other day, to drop off some puzzle books and a bunch of
66 bananas, and they have a coded entry thing on the door.  I entered the
67 code a couple times and it didn't work.  One of the nurses that was
68 coming on shift came up and entered the code.  When she told me the
69 code, I realized I was using the code they had before the current one. 
70 I shifted back in time a bit I guess.  I may not have a flux capacitor
71 but I did it anyway.  lol   I admit, some of the new things they use, I
72 have no idea how they work since I've never used most of them.  I've
73 read about a few of them but don't really get how they work.  If I used
74 them, I'd get it.
75
76 What I hate most, when my bank changes something about their login
77 process and a little research shows it accomplishes nothing.  My credit
78 card site has this picture and phrase thing.  I found where it was
79 researched and it does little to actually help because most people don't
80 pay it any attention.  My biggest cheat, I adblock stuff on the bank
81 website, like their great big logo thing.  If I do go to a website and
82 that logo shows up, it didn't match my adblock setting.  At that point,
83 that gets a little extra attention until I know for sure and for certain
84 I'm on the correct site.  Also, LastPass will pick up its on the wrong
85 site to.  It won't fill in the password info if it doesn't match up. 
86 They've had the same logo on the site for years. 
87
88 It's amazing what we have to do with our computers to keep ourselves
89 safe because of . . . computers.  :/  I guess this is one reason I like
90 Linux.  It at least tries to be secure. 
91
92 Dale
93
94 :-)  :-) 

Replies

Subject Author
Re: [gentoo-user] Coming up with a password that is very strong. Tanstaafl <tanstaafl@×××××××××××.org>