Mark David Dumlao wrote:
> On Mon, Feb 11, 2019 at 1:00 AM Andrew Savchenko <bircoph@g.o> wrote:
>> On Sun, 10 Feb 2019 10:27:32 -0600 Dale wrote:
>>> My password manager does that already. The password I was trying to
>>> come up with was the master password which I must easily remember, be
>>> secure and be easy to type. The other passwords I let the password
>>> manager generate and remember as well. I don't type those so they can
>>> be anything.
>> The line above is approximately the same how I got one of my master
>> passwords. It is not that hard to remember 30-40 random chars.
>> Just try typing them several hundred times. I'm serious.
> That's one of the problems of secure password generation is that human
> memory is used backwards. Things become encoded permanently in our
> memory after the fact that we've repeated them several times, but most
> password generation utilities require you to have perfect memory
> first, THEN use repetition to enforce it.
>
> Both a managed password / algorithmic approach gets this more
> humanely. You need to first have a reliable way to generate the
> password, and if you type it enough times, your brain will commit it
> to memory.
|
My biggest thing was to find a way to come up with it. Most use some
famous quote or song and then each first letter or something with a few
numbers and symbols thrown in. Thing is, I don't really have any of
those. So, what I did, I based it on model numbers of some things I
like. I threw in a few symbols as well just to make it harder.
|
I might add, I used three password strength sites to sort of give me an
idea on strength. I tried different methods to shorten the thing and
make it easier to type as well. I actually ended up with a slightly
shorter password but one that the meters said would be harder to crack.
I might add, the difference was large. The original was something along
the lines of thousands of years. The end result that was easier to type
and slightly shorter was millions of years. I was able to put in more
symbols. Those things help toughen up a password pretty quick.
|
What I find so interesting about this, everyone seems to have a slightly
or even very different way of doing this. Even if a person is reading
this list and taking notes, I wish them luck trying to guess our
passwords. Given the variety of methods used, I don't see how any tool
could be built that would guess any of our passwords in a short time
frame either. Now if everyone else would put some effort into this
instead of using "passw0rd" or something as silly as that, the internet
would be a much safer place.
|
I also ran up on some sites that discussed passwords that people
commonly used and some are just laughable but so bad one should cry.
Some people are just plain idiots. I might add, some sites restrict
passwords in ways that keep a person from generating a really good
password too. Some need to get with the current threat models instead
of living in the past when security wasn't such an issue.
|
Interesting thread.

Dale

:-) :-)