From: Kenny McCormack on 18 Jun 2010 13:16

In article <hvg758$hc5$1(a)speranza.aioe.org>,
jellybean stonerfish <stonerfish(a)geocities.com> wrote:
....
>He smiled when I created a password in front of him that will be
>impossible to forget, and the system he had told him it was 97%
>strength.

Obvious caveat on the word "impossible"...

But seriously, yes, if you only have one password to remember, then it can't be as obscure and weird as you are capable of, and you will pretty much have achieved the goal.

But this conflicts with the other edict, which says you should have different passwords on different systems (and note that even without that edict, most people who work in IT have two separate existences - their "at work" persona and their "at home" persona, and you will probably not want to use the same password across these two universes).

So, I agree with the previous poster, that the rule to break here is the edict that says not to write it down. If you want to have strong, distinct passwords across your many systems, then you got to write them down - and the point of storing them with your credit cards is a good one - right up until someone steals your wallet...

Finally, note that another way to solve this problem is to use one of the available "Keychain" programs - where you put all your passwords there, and then never have to worry/type them again. This to me seems inherently unsafe (do we really trust the writers of these keychain programs?), but that is the solution that many shops adopt.

--
> No, I haven't, that's why I'm asking questions. If you won't help me,
> why don't you just go find your lost manhood elsewhere.

CLC in a nutshell.

From: Keith Keller on 18 Jun 2010 13:19

On 2010-06-18, John Hasler <jhasler(a)newsguy.com> wrote:
>
> Right. So the thing for "normal users" to do is use a separate strong
> password (i.e., one generated by software, not by them) for each
> separate purpose and _write it down_. That's right, _write it down_ and
> keep the written record in a safe place such as in their wallets with
> their credit cards. The constant admonition to never write down a
> password is idiotic. It is primarily responsible for the very common
> practice of using a single easily-guessed password everywhere.

For people who carry such a device, use an application like GNU Keyring for PalmOS (which I know is all but dead). You remember your Keyring password, then store all your other passwords in a PGP-encrypted database. The Keyring password is not crackable unless someone obtains your device (or the file from your drive, if you sync with a desktop), so it can be a simpler password.

I also use Keyring to generate passwords. It generates random passwords; I am required to change some of my passwords every six months. For passwords used frequently it takes me about a week to be able to remember it without looking it up.

As I mentioned, PalmOS is basically dead. What are comparable apps for iPhone or Android?

--keith

--
kkeller-usenet(a)wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt
see X- headers for PGP signature information

From: The Natural Philosopher on 18 Jun 2010 13:32

John Hasler wrote:
> Kenny McCormack writes:
>> You and I might just be able to handle what you suggest above, but
>> normal users? No way.
>
> Right. So the thing for "normal users" to do is use a separate strong
> password (i.e., one generated by software, not by them) for each
> separate purpose and _write it down_. That's right, _write it down_ and
> keep the written record in a safe place such as in their wallets with
> their credit cards. The constant admonition to never write down a
> password is idiotic. It is primarily responsible for the very common
> practice of using a single easily-guessed password everywhere.

Well, we had a book of system passwords in the safe... issued on request by the office manager on a per system basis, and ALWAYS changed at that point, and the new one written down there and then.

However, there are many ways to have highly memorable passwords that are as good as unguessable.

All that is required is something you know really well, but no one else is likely to. And write down the HINT.

So, let's say you had a mistress at 1032 French Boulevard..

1032.frog.bvd is pretty strong. And the hint might be 'red hot'.

From: John Hasler on 18 Jun 2010 14:01

The Natural Philosopher writes:
> however, there are many ways to have highly memorable passwords that
> are as good as unguessable.

> All that is required is something you know really well, but no one
> else is likely to. And write down the HINT.

Yes, this works for you and I. Unfortunately, most people live very boring, predictable lives and lack imagination or creativity. They think that their pet's name spelled backward is terribly clever and unguessable. His name is Spot and his picture (with name) is on their desk.

--
John Hasler
jhasler(a)newsguy.com
Dancing Horse Hill
Elmwood, WI USA

From: Kenny McCormack on 18 Jun 2010 15:56

In article <877hlwutaq.fsf(a)thumper.dhh.gt.org>,
John Hasler <jhasler(a)newsguy.com> wrote:
>Kenny McCormack writes:
>> ...and the point of storing them with your credit cards is a good one
>> - right up until someone steals your wallet...
>
>What are the chances that they will figure out what the passwords are
>for and use them before you discover that your wallet is missing and
>change them?

Ya know - I hoped that'd be clear enough as I wrote it, but then again, this is Usenet, where you have to make everything 100000% clear, or someone will find a way to misinterpret.

Obviously, the guy who steals your wallet doesn't give a flip about your passwords - he probably doesn't even care about your credit cards. He just takes the cash and goes and buys drugs with it.

The point is that *you* are greatly inconvenienced by losing all your passwords (since, by assumption, you haven't even tried to memorize them - that was the whole point of keeping the slips of paper).

--
Just for a change of pace, this sig is *not* an obscure reference to comp.lang.c...