| 1 |
Mark David Dumlao wrote: |
| 2 |
> On Mon, Feb 11, 2019 at 1:00 AM Andrew Savchenko <bircoph@g.o> wrote: |
| 3 |
>> On Sun, 10 Feb 2019 10:27:32 -0600 Dale wrote: |
| 4 |
>>> My password manager does that already. The password I was trying to |
| 5 |
>>> come up with was the master password which I must easily remember, be |
| 6 |
>>> secure and be easy to type. The other passwords I let the password |
| 7 |
>>> manager generate and remember as well. I don't type those so they can |
| 8 |
>>> be anything. |
| 9 |
>> The line above is approximately the same how I got one of my master |
| 10 |
>> passwords. It is not that hard to remember 30-40 random chars. |
| 11 |
>> Just try typing them several hundred times. I'm serious. |
| 12 |
> That's one of the problems of secure password generation is that human |
| 13 |
> memory is used backwards. Things become encoded permanently in our |
| 14 |
> memory after the fact that we've repeated them several times, but most |
| 15 |
> password generation utilities require you to have perfect memory |
| 16 |
> first, THEN use repetition to enforce it. |
| 17 |
> |
| 18 |
> Both a managed password / algorithmic approach gets this more |
| 19 |
> humanely. You need to first have a reliable way to generate the |
| 20 |
> pssword, and if you typie it enough times, your brain will commit it |
| 21 |
> to memory. |
| 22 |
> |
| 23 |
> |
| 24 |
|
| 25 |
|
| 26 |
My biggest thing was to find a way to come up with it. Most use some |
| 27 |
famous quote or song and then each first letter or something with a few |
| 28 |
numbers and symbols thrown in. Thing is, I don't really have any of |
| 29 |
those. So, what I did, I based it on model numbers of some things I |
| 30 |
like. I threw in a few symbols as well just to make it harder. |
| 31 |
|
| 32 |
I might add, I used three password strength sites to sort of give me a |
| 33 |
idea on strength. I tried different methods to shorten the thing and |
| 34 |
make it easier to type as well. I actually ended up with a slightly |
| 35 |
shorter password but one that the meters said would be harder to crack. |
| 36 |
I might add, the difference was large. The original was something along |
| 37 |
the lines of thousands of years. The end result that was easier to type |
| 38 |
and slightly shorter was millions of years. I was able to put in more |
| 39 |
symbols. Those things help toughen up a password pretty quick. |
| 40 |
|
| 41 |
What I find so interesting about this, everyone seems to have a slightly |
| 42 |
or even very different way of doing this. Even if a person is reading |
| 43 |
this list and taking notes, I wish them luck trying to guess our |
| 44 |
passwords. Given the variety of methods used, I don't see how any tool |
| 45 |
could be built that would guess any of our passwords in a short time |
| 46 |
frame either. Now if everyone else would put some effort into this |
| 47 |
instead of using "passw0rd" or something as silly as that, the internet |
| 48 |
would be a much safer place. |
| 49 |
|
| 50 |
I also ran up on some sites that discussed passwords that people |
| 51 |
commonly used and some are just laughable but so bad one should cry. |
| 52 |
Some people are just plain idiots. I might add, some sites restrict |
| 53 |
passwords in ways that keeps a person from generating a really good |
| 54 |
password too. Some need to get with the current threat models instead |
| 55 |
of living in the past when security wasn't such a issue. |
| 56 |
|
| 57 |
Interesting thread. |
| 58 |
|
| 59 |
Dale |
| 60 |
|
| 61 |
:-) :-) |
Archives