mtbc: maze I (white-red)
[personal profile] mtbc
Passwords are tricky to deal with. I like to have fairly long, random ones and to not reuse them. With the various accounts I have this means there are rather a lot of passwords to remember, an especial challenge when some must be changed on a regular basis and others ought to be.

Further, some authentication like for online banking requires various ancillary information: answers to security questions and the like. I do not like to give correct answers to these, nor reuse the answers, so that is even more to remember.

Some people use mnemonics but it is easy for one's mind to blank out on something well-known. I could keep written records in our safe but one sometimes require a rarely used password exactly at an inconvenient time or place. I certainly do not trust password-keeping apps.

I am not proposing or soliciting answers so much as noting that practical password management is a hard problem. Still, as ever, others' thoughts are most welcome.

Date: 2017-06-26 10:46 pm (UTC)
mindstalk: (Default)
From: [personal profile] mindstalk
I think Bruce Schneier actually recommends writing stuff down. Probably not a post-it on your monitor, but in your wallet or something. For most people that's not the high risk avenue of attack. One thing I'd suggest with that is 'dehydrating' or 'poisoning' what you write down: either don't write down the whole thing, or add a decoy part you know to leave out, or both. That way if someone does get the record, it's not immediately useful; a mugger or SO is more likely to give up than use it as the basis of a faster brute force attack. Dehydrating is probably more robust, vs. multiple passwords with shared poison.

It's a bit like having a password app, except instead of having a master password to unlock or hash=generate final passwords, you have a master password[1] to generate via appending or prepending or such.

[1] If you have one strong shared component; you could also have multiple weaker ones. Password length limits sometimes force that.

Date: 2017-06-28 10:05 pm (UTC)
goldibehr: (Default)
From: [personal profile] goldibehr
I use a password manager app on my android phone, with the "master" database file on my PC at home. There's just too many to remember, and more and more sites are locking you out after a few wrong guesses.
Edited Date: 2017-06-28 10:06 pm (UTC)

Date: 2017-07-03 12:49 pm (UTC)
goldibehr: (Default)
From: [personal profile] goldibehr
Using an encrypted password manager also lets you make up wacky answers to the security questions. But a downside is that you need to hope no other app is snooping on you while the manager is running.

Profile

mtbc: photograph of me (Default)
Mark T. B. Carroll

July 2017

S M T W T F S
       1
234 5678
910 11 12 13 1415
161718 19202122
23242526272829
3031     

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Jul. 20th, 2017 04:34 pm
Powered by Dreamwidth Studios