On Mon, 12 Jul 2021 09:53:00 +0000, Unbreakable Disease
<unbreakable@secmail.pro> wrote:

>My 50-year old brain isn't capable of memorizing that many passwords
>anymore, so I use KeePassXC. I keep basically everything here including
>my financial passwords and credit card data, with the exception of
>passwords that I would have to remember anyway (full-disk encryption,
>login, primary e-mail passwords, etc.)
>
>Overall, it's much easier to remember and much harder to forget 10
>complicated passwords that you use everyday than 100+ simple passwords
>you use every month or even less.
>
>I can't speak about Windows version of KeePass, because with the
>exception of playing games not available on Macintosh, I haven't used
>one since Windows 95 days.

For what it's worth, I like LastPass. I'm not crazy about the fact
that I can't use it on multiple devices without having to pay for it,
but I can't begrudge the software developers over there the right to
earn a living.

The best strengths in current password technology are in passphrases:

https://useapassphrase.com

There's some great stats in there, such as the amount of time it takes
to crack common spatial word passwords such as "qwerty" or "aaaaaa"...
10 milliseconds.

Or how long it takes to crack a password that's a date like
"03261981"... 2.213 seconds.

However, if you use a sequence of four randomly chosen words like
"mergers decade labeled manager", it'll take 6 million centuries to
crack.

So.

I've converted all my passwords to sequences of four to six words; and
I have an email account at a provider that I've never used to send
email to anyone, or to use as the id for any website. There, I have a
draft of an email saved that holds the information.

I now only need to remember one password, and I can get to everything.
As for the remote chance that the email provider will cease to exist,
I made backup accounts with other major providers, because paranoia.

I don't use email apps to access my password storage account; and I
use Tor to get to it for the sake of anonymity. I'd be fairly
impressed if someone got through that level of security, and it's
probably overkill, but why take the risk?

While I'm at it... does everyone know about

https://haveibeenpwned.com

You can put your email address in there, and see if it's been involved
in any large-scale thefts. It's got records going back years, and I
was fairly shocked to see that my wife's account had been hacked years
ago.

--
Cheers,
Dreamer
AA 2306

"The fact that a believer is happier than a skeptic is no
more to the point than the fact that a drunken man is
happier than a sober one. The happiness of credulity is a
cheap and dangerous quality of happiness, and by no means
a necessity of life."

George Bernard Shaw
Androcles and the Lion

Dreamer In Colore <dreamerincolore@hotmail.com> writes:
> On Mon, 12 Jul 2021 09:53:00 +0000, Unbreakable Disease
> <unbreakable@secmail.pro> wrote:
>>My 50-year old brain isn't capable of memorizing that many passwords
>>anymore, so I use KeePassXC. I keep basically everything here including
>>my financial passwords and credit card data, with the exception of
>>passwords that I would have to remember anyway (full-disk encryption,
>>login, primary e-mail passwords, etc.)
>>
>>Overall, it's much easier to remember and much harder to forget 10
>>complicated passwords that you use everyday than 100+ simple passwords
>>you use every month or even less.
>>
>>I can't speak about Windows version of KeePass, because with the
>>exception of playing games not available on Macintosh, I haven't used
>>one since Windows 95 days.
>
> For what it's worth, I like LastPass. I'm not crazy about the fact
> that I can't use it on multiple devices without having to pay for it,
> but I can't begrudge the software developers over there the right to
> earn a living.
>
> The best strengths in current password technology are in passphrases:
>
> https://useapassphrase.com
>
> There's some great stats in there, such as the amount of time it takes
> to crack common spatial word passwords such as "qwerty" or "aaaaaa"...
> 10 milliseconds.
>
> Or how long it takes to crack a password that's a date like
> "03261981"... 2.213 seconds.
>
> However, if you use a sequence of four randomly chosen words like
> "mergers decade labeled manager", it'll take 6 million centuries to
> crack.
>
> So.
>
> I've converted all my passwords to sequences of four to six words; and
> I have an email account at a provider that I've never used to send
> email to anyone, or to use as the id for any website. There, I have a
> draft of an email saved that holds the information.
>
> I now only need to remember one password, and I can get to everything.
> As for the remote chance that the email provider will cease to exist,
> I made backup accounts with other major providers, because paranoia.
>
> I don't use email apps to access my password storage account; and I
> use Tor to get to it for the sake of anonymity. I'd be fairly
> impressed if someone got through that level of security, and it's
> probably overkill, but why take the risk?
>
> While I'm at it... does everyone know about
>
> https://haveibeenpwned.com
>
> You can put your email address in there, and see if it's been involved
> in any large-scale thefts. It's got records going back years, and I
> was fairly shocked to see that my wife's account had been hacked years
> ago.

I use a couple of programs I wrote to generate random passwords and
passphrases:

https://github.com/Keith-S-Thompson/random-passwords

It's two Perl scripts. gen-password generates random passwords with
specified criteria, and gen-passphrase generates xkcd-style random word
sequences using the system dictionary or a specified one.

--
Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com
Working, but not speaking, for Philips
void Void(void) { Void(); } /* The recursive call of the void */

On Wed, 21 Jul 2021 12:31:11 -0700, Keith Thompson wrote:

> I use a couple of programs I wrote to generate random passwords and
> passphrases:
>
> https://github.com/Keith-S-Thompson/random-passwords
>
> It's two Perl scripts. gen-password generates random passwords with
> specified criteria, and gen-passphrase generates xkcd-style random word
> sequences using the system dictionary or a specified one.

I use dicewords and a set of casino dice.

--
Using UNIX since v6 (1975)...

Use the BIG mirror service in the UK:
http://www.mirrorservice.org