1 |
Nikos Chantziaras wrote: |
2 |
> On 04/02/2019 07:47, Dale wrote: |
3 |
>> How do you, especially those who admin systems that are always being |
4 |
>> hacked at, generate strong passwords that meet the above? I've googled |
5 |
>> and found some ideas but if I use the same method, well, how many others |
6 |
>> are using that same method, if you know what I mean. ;-) Just looking |
7 |
>> for ideas. |
8 |
> |
9 |
> I don't use a password manager. For website logins, I just use the |
10 |
> password manager in the browser (Firefox), which does not use a master |
11 |
> password :-P I just assume my own system is not going to be compromised. |
12 |
> |
13 |
> For the websites I use, I generate a unique password per site using |
14 |
> this command: |
15 |
> |
16 |
> $ pwmake 128 |
17 |
> |
18 |
> This generates a password using 128 bits of entropy from /dev/urandom. |
19 |
> You need dev-libs/libpwquality being installed (it's a dep of |
20 |
> something important, I think, so should be installed on most systems |
21 |
> already.) |
22 |
> |
23 |
> For remote systems I administer through SSH, I don't use passwords. I |
24 |
> use a public/private key pair to log in (4096 bits.) My private key is |
25 |
> protected with a strong password though, but it's easy to remember |
26 |
> since it doesn't need to change. Something like: |
27 |
> |
28 |
> ilp&mac4d@4*r |
29 |
> |
30 |
> Which is short for: |
31 |
> |
32 |
> I like pizza and macaroni for dinner at four star restaurants. |
33 |
> |
34 |
> |
35 |
> |
36 |
|
37 |
|
38 |
One reason I use LastPass, it is mobile. I can go to someone else's |
39 |
computer, use LastPass to say make use of Paypal, Newegg, Ebay etc, |
40 |
logoff and it is like I was never there. Also, if my computer were to |
41 |
die a sudden death, power supply goes bonkers and burns everything in it |
42 |
up including hard drives, my passwords are still safe but available. |
43 |
When I get a new rig built, I can install LastPass, put in my email and |
44 |
password then go on like nothing ever happened. I can also use a |
45 |
neighbors computer to order the parts for a new rig as well. I just use |
46 |
LastPass on their computer. I could do that even if my backups were out |
47 |
of date as well. |
48 |
|
49 |
I also like that it generates passwords that are dang near impossible to |
50 |
crack. It also doesn't have to be anything I can remember either. This |
51 |
is a few examples of what it generates. |
52 |
|
53 |
*k0Dx^RiNPHOocIg |
54 |
|
55 |
5wfy&YQA&vNa4^HHgwZ3 |
56 |
|
57 |
NnWM9DwCrVYyVryS3Aa9 |
58 |
|
59 |
Now I admit, I sometimes see one that pops up that I don't like the |
60 |
looks of and I click for a new one. Just like the last one in the |
61 |
list. It has two of the same letter at the beginning. One upper and |
62 |
one lower but still the same. I'd skip that one. Still, good luck |
63 |
guessing it easily. Cracking it is always possible but it makes it |
64 |
difficult. Also, I sometimes have to leave off the other characters |
65 |
since some websites don't allow those. My bank for example doesn't |
66 |
allow a couple of them. I think "*" and "$" is a no go. It does reject |
67 |
it when you try to enter it tho. |
68 |
|
69 |
If I were to ever get me a smart phone, LastPass works on those too. I |
70 |
still like my Razr tho. It makes phone calls and allows me to text. It |
71 |
does what I need. It also takes the place of a watch as well. ;-) |
72 |
|
73 |
I get why some may just use Firefox or other browsers password tool but |
74 |
thing is, if you don't have a backup of it and something happens, you |
75 |
could be working a while to get those passwords going again. If I |
76 |
recall correctly, I have to go to the bank, present ID and such to do a |
77 |
complete reset of my bank password. I know it was that way several |
78 |
years ago because I had to do it once. |
79 |
|
80 |
Those keys do work for things that support it. I don't think any site I |
81 |
use has that ability tho. If it does, I don't know about it. Maybe one |
82 |
day tho. |
83 |
|
84 |
Dale |
85 |
|
86 |
:-) :-) |