Gentoo Archives: gentoo-user

From: Dale <rdalek1967@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Coming up with a password that is very strong.
Date: Sun, 10 Feb 2019 22:45:07
In Reply to: Re: [gentoo-user] Coming up with a password that is very strong. by Mark David Dumlao
Mark David Dumlao wrote:
> On Mon, Feb 11, 2019 at 1:00 AM Andrew Savchenko <bircoph@g.o> wrote: >> On Sun, 10 Feb 2019 10:27:32 -0600 Dale wrote: >>> My password manager does that already. The password I was trying to >>> come up with was the master password which I must easily remember, be >>> secure and be easy to type. The other passwords I let the password >>> manager generate and remember as well. I don't type those so they can >>> be anything. >> The line above is approximately the same how I got one of my master >> passwords. It is not that hard to remember 30-40 random chars. >> Just try typing them several hundred times. I'm serious. > That's one of the problems of secure password generation is that human > memory is used backwards. Things become encoded permanently in our > memory after the fact that we've repeated them several times, but most > password generation utilities require you to have perfect memory > first, THEN use repetition to enforce it. > > Both a managed password / algorithmic approach gets this more > humanely. You need to first have a reliable way to generate the > pssword, and if you typie it enough times, your brain will commit it > to memory. > >
My biggest thing was to find a way to come up with it.  Most use some famous quote or song and then each first letter or something with a few numbers and symbols thrown in.  Thing is, I don't really have any of those.  So, what I did, I based it on model numbers of some things I like.  I threw in a few symbols as well just to make it harder.  I might add, I used three password strength sites to sort of give me a idea on strength.  I tried different methods to shorten the thing and make it easier to type as well.  I actually ended up with a slightly shorter password but one that the meters said would be harder to crack.  I might add, the difference was large.  The original was something along the lines of thousands of years.  The end result that was easier to type and slightly shorter was millions of years.  I was able to put in more symbols.  Those things help toughen up a password pretty quick. What I find so interesting about this, everyone seems to have a slightly or even very different way of doing this.  Even if a person is reading this list and taking notes, I wish them luck trying to guess our passwords.  Given the variety of methods used, I don't see how any tool could be built that would guess any of our passwords in a short time frame either.  Now if everyone else would put some effort into this instead of using "passw0rd" or something as silly as that, the internet would be a much safer place.  I also ran up on some sites that discussed passwords that people commonly used and some are just laughable but so bad one should cry.  Some people are just plain idiots.  I might add, some sites restrict passwords in ways that keeps a person from generating a really good password too.  Some need to get with the current threat models instead of living in the past when security wasn't such a issue.  Interesting thread. Dale :-)  :-)