From: unruh on
On 2010-06-20, Kenny McCormack <gazelle(a)shell.xmission.com> wrote:
> In article <slrni1rjp1.vd3.unruh(a)wormhole.physics.ubc.ca>,
> unruh <unruh(a)wormhole.physics.ubc.ca> wrote:
> ...
>>As always it depends on the attack model. If you are working at a top
>>security installation where strangers come wandering around, having your
>>passwords written down on your monitor is a bad idea.
>
> Nobody said anything about written on your monitor. We are talking about
> storing them in your wallet.

???
So if your colleagues (e.g. wife) have access to your wallet....
It depends on your attack model.

From: John Hasler on
unruh writes:
> It depends on your attack model.

Yes, of course it does. We are talking about ordinary people, not NSA
employees. For them the major risk is having trivial passwords guessed,
not having Chinese spies blackmail their wives into copying their
passwords from the lists in their wallets.
--
John Hasler
jhasler(a)newsguy.com
Dancing Horse Hill
Elmwood, WI USA
From: blmblm on
In article <hvg758$hc5$1(a)speranza.aioe.org>,
jellybean stonerfish <stonerfish(a)geocities.com> wrote:
> On Fri, 18 Jun 2010 16:04:10 +0000, Kenny McCormack wrote:
>
> > In article <hvg47g$a4o$1(a)speranza.aioe.org>, jellybean stonerfish
> > <stonerfish(a)geocities.com> wrote: ...
> >>Exactly. Don't use passwords that contain words. It is easy to create
> >>and remember a password of almost random letters and numbers, that is
> >>long. Think of a phrase or concept, then translate to semi-random text
> >>with a mental method. For example: Sally thinks of the ladies she has
> >>lunch with, Mary, Sue, and Tina. Mary has a poodle named Snooches, Sue
> >>has two children, Samantha and Fred, and Tina's baby is her car named
> >>Carrie. Using the first letter from her friends' names, the first letter
> >>from their type of pet, and the first letters from their pets, and
> >>adding 4 digits from their phone numbers she comes up with a password of
> >>"mps1234sdssf5678tc2468" (FIXED)
> >
> > Yeah, right. You're cracking me up!
> >
> > ...
> >>With a little practice, you can create a new password for any reason.
> >>For example, your email password may have characters generated from a
> >>scene you remember from the movie "The postman always rings twice" and
> >>your web server at work may have a string generated from the name of a
> >>spider, crossed with the name of your favorite waitress, and price of a
> >>sandwich.
> >
> > This was a joke post, right?
>
> I wasn't joking, but there was a bit of humor in the example.
>
> >
> > Either that, or you are out of your frickin' mind. You and I might just
> > be able to handle what you suggest above, but normal users? No way.
>
> You may be right. In a group of friends, one of them forgot a password
> we needed to log into a webserver. I tried to teach them how to make a
> stronger password, that is easy to remember. One of them, an IT guy at a
> local college, at least understood me. He smiled when I created a
> password in front of him that will be impossible to forget, and the
> system he had told him it was 97% strength.

As I think someone else said -- for suitable values of "impossible
to forget". Seriously ....

Your approach probably works reasonably well if you only need,
oh, maybe half a dozen passwords, and you use them all regularly.
If you want to follow the advice about using a different password
for every service/site/whatever that requires one, though, and
some of those passwords only get used a couple of times a year ....?

I'm pretty sure I've outsmarted myself on more than one occasion,
making up bogus answers to security questions in the belief that
I'd remember the bogus answer the next time I needed it, and then
finding that belief to be ill-founded, shall we say. I won't say
my memory is better than average, but I wouldn't have said it was
worse. So I'm skeptical. <shrug>

--
B. L. Massingill
ObDisclaimer: I don't speak for my employers; they return the favor.
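The "97% strength" figure in the post above comes from a meter that only looks at the password's length and character classes. As an added example (not code from anyone in this thread), the script below applies the "first letters plus phone digits" mental method to constructed sample data, then compares what such a meter reports against an estimate that assumes the attacker already knows the method. The per-initial figure of about 4 bits and the near-uniform phone digits are assumptions made for illustration, not measurements.

```python
"""Added example: mnemonic password construction versus two entropy estimates.

Not from the thread. The sample friends, pets and digits are constructed, and
the 4-bits-per-initial figure in informed_entropy_bits() is an assumption.
"""
import math
import string

# Constructed sample data in the spirit of the "Sally" example from the thread:
# (friend's name, kind of pet, pet's name, four digits of the friend's phone number).
FRIENDS = [
    ("Mary", "poodle", "Snooches", "1234"),
    ("Sue", "cat", "Whiskers", "5678"),
    ("Tina", "car", "Carrie", "2468"),
]


def mnemonic_password(friends):
    """Apply the mental method: first letter of the friend's name, first letter
    of the pet type, first letter of the pet's name, then the four digits."""
    parts = []
    for name, pet_type, pet_name, digits in friends:
        initials = name[0] + pet_type[0] + pet_name[0]
        parts.append(initials.lower() + digits)
    return "".join(parts)


def naive_entropy_bits(password):
    """What a typical strength meter computes: length times log2 of the size of
    the union of character classes present. It ignores how the password was made."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    charset = sum(len(c) for c in classes if any(ch in c for ch in password))
    return len(password) * math.log2(charset)


def informed_entropy_bits(friends, letter_bits=4.0, digit_bits=math.log2(10)):
    """Estimate for an attacker who knows the method (assumption: each initial is
    a draw from the skewed distribution of first letters of names and common
    words, taken here as about 4 bits; each phone digit is roughly uniform)."""
    letters = 3 * len(friends)
    digits = sum(len(d) for _, _, _, d in friends)
    return letters * letter_bits + digits * digit_bits


def dictionary_word_bits(vocab_size):
    """A password that is a single dictionary word is worth only log2(vocabulary)
    guesses to an attacker with that wordlist, whatever its length."""
    return math.log2(vocab_size)


def seconds_to_half_space(bits, guesses_per_second):
    """Expected time to cover half of a space of 2**bits guesses at a given rate."""
    return 2 ** (bits - 1) / guesses_per_second


if __name__ == "__main__":
    pw = mnemonic_password(FRIENDS)
    print("password:", pw)
    print("meter-style estimate: %.1f bits" % naive_entropy_bits(pw))
    print("method-aware estimate: %.1f bits" % informed_entropy_bits(FRIENDS))
    print("single word from a 100k wordlist: %.1f bits" % dictionary_word_bits(100_000))
    # Constructed rate for illustration only: 1e10 guesses per second offline.
    print("years at 1e10/s (method-aware): %.0f" %
          (seconds_to_half_space(informed_entropy_bits(FRIENDS), 1e10) / 3.15e7))
```

The point the numbers make is the one blmblm is skeptical about from the other direction: the method does yield passwords far stronger than a dictionary word even when the attacker knows the recipe, but the meter's percentage says nothing about that gap, and neither estimate helps with the memorability problem once the number of distinct passwords grows.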