mtbc: maze I (white-red)
[personal profile] mtbc
Passwords are tricky to deal with. I like to have fairly long, random ones and to not reuse them. With the various accounts I have this means there are rather a lot of passwords to remember, an especial challenge when some must be changed on a regular basis and others ought to be.

Further, some authentication like for online banking requires various ancillary information: answers to security questions and the like. I do not like to give correct answers to these, nor reuse the answers, so that is even more to remember.

Some people use mnemonics but it is easy for one's mind to blank out on something well-known. I could keep written records in our safe but one sometimes require a rarely used password exactly at an inconvenient time or place. I certainly do not trust password-keeping apps.

I am not proposing or soliciting answers so much as noting that practical password management is a hard problem. Still, as ever, others' thoughts are most welcome.

Date: 2017-06-26 10:46 pm (UTC)
mindstalk: (Default)
From: [personal profile] mindstalk
I think Bruce Schneier actually recommends writing stuff down. Probably not a post-it on your monitor, but in your wallet or something. For most people that's not the high risk avenue of attack. One thing I'd suggest with that is 'dehydrating' or 'poisoning' what you write down: either don't write down the whole thing, or add a decoy part you know to leave out, or both. That way if someone does get the record, it's not immediately useful; a mugger or SO is more likely to give up than use it as the basis of a faster brute force attack. Dehydrating is probably more robust, vs. multiple passwords with shared poison.

It's a bit like having a password app, except instead of having a master password to unlock or hash=generate final passwords, you have a master password[1] to generate via appending or prepending or such.

[1] If you have one strong shared component; you could also have multiple weaker ones. Password length limits sometimes force that.

Date: 2017-06-28 10:05 pm (UTC)
goldibehr: (Default)
From: [personal profile] goldibehr
I use a password manager app on my android phone, with the "master" database file on my PC at home. There's just too many to remember, and more and more sites are locking you out after a few wrong guesses.
Edited Date: 2017-06-28 10:06 pm (UTC)

Date: 2017-07-03 12:49 pm (UTC)
goldibehr: (Default)
From: [personal profile] goldibehr
Using an encrypted password manager also lets you make up wacky answers to the security questions. But a downside is that you need to hope no other app is snooping on you while the manager is running.

Profile

mtbc: photograph of me (Default)
Mark T. B. Carroll

September 2017

S M T W T F S
      1 2
3 4 5 6 78 9
10 1112 13 14 15 16
171819 20212223
24252627282930

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Sep. 21st, 2017 10:37 am
Powered by Dreamwidth Studios