frustrate shouldservers

Kyle kyle4jesus at gmail.com
Sat Feb 4 08:55:03 UTC 2017


I still think the most secure password is the one you don't have to store 
anywhere other than in your brain. Any stored password, even the one on paper, 
can be stolen and compromised. However, I don't think anyone has yet found a way 
to steal passwords by reading thoughts. That said, any password should be able 
to be retained in memory, but also has to be complex enough that it can't be 
guessed or attacked using a dictionary. A thread came up in another list where 
translation to grade 2 braille and then to the computer braille symbols that 
have the same dot patterns was proposed. For example, your password could be 
something like ",? pass~w w 3fuse y4" which translates back to "This password 
will confuse you." On that thread, UEB was mentioned as a stumbling block to 
future attempts to translate passwords in this way, but if you are able to do 
this without computer-aided translation, you may of course use old-school braille 
rather than UEB. Other methods such as adding symbols to the password seem good 
as well, as long as any arbitrarily added symbols are not so complex as to make 
it too hard to retain in memory. Something like "This.is.my.password" may be 
easy to crack, but "This-is-my.new.passworde ..." may be harder, but is still 
easy enough for the user who created it to remember. On the other hand, I find 
that computer-generated or over-randomized passwords are best used only as 
one-time passwords that immediately expire, as they are the easiest to 
compromise, especially long ones, due to the fact that they ultimately have to 
be stored somewhere, and probably even <gasp> copied and pasted. Those are 
definitely best sent over e-mail or other insecure channels, as they force a 
change, so you immediately know if your one-time password was compromised before 
you ever tried to use it. In such cases, it seems most secure to create a new 
password that meets the criteria above of being completely memorable by you, but 
guessable by no one else. Only you know how your brain works and how you best 
remember things, so any examples given are only examples. The most important 
thing is to employ the aid of a computer as little as possible, and never write 
the password down anywhere. Just my random thoughts.
Sent from the starship Enterprise




More information about the Blinux-list mailing list