frustrate shouldservers

Anders Holmberg anders at pipkrokodil.se
Sun Feb 5 15:31:44 UTC 2017


Hi!
And my memory is kind of full of other things I have to remember so I have to write the passwords down.
Sadly but I don’t want to be paranoid either.
/A
> 4 feb. 2017 kl. 09:55 skrev Kyle <kyle4jesus at gmail.com>:
> 
> I still think the most secure password is the one you don't have to store anywhere other than in your brain. Any stored password, even the one on paper, can be stolen and compromised. However, I don't think anyone has yet found a way to steal passwords by reading thoughts. That said, any password should be able to be retained in memory, but also has to be complex enough that it can't be guessed or attacked using a dictionary. A thread came up in another list where translation to grade 2 braille and then to the computer braille symbols that have the same dot patterns was proposed. For example, your password could be something like ",? pass~w w 3fuse y4" which translates back to "This password will confuse you." On that thread, UEB was mentioned as a stumbling block to future attempts to translate passwords in this way, but if you are able to do this without computer aided translation, you may of course use oldschool braille rather than UEB. Other methods such as adding symbols to the password seem good as well, as long as any arbitrarily added symbols are not so complex as to make it too hard to retain in memory. Something like "This.is.my.password" may be easy to crack, but "This-is-my.new.passworde ..." may be harder, but is still easy enough for the user who created it to remember. On the other hand, I find that computer generated or overrandomized passwords are best used only as one-time passwords that immediately expire, as they are the easiest to compromise, especially long ones, due to the fact that they ultimately have to be stored somewhere, and probably even <gasp> copied and pasted. Those are definitely best sent over e-mail or other insecure channels, as they force a change, so you immediately know if your one-time password was compromised before you ever tried to use it. In such cases, it seems most secure to create a new password that meets the criteria above of being completely memorable by you, but guessable by no one else. 
> Only you know how your brain works and how you best remember things, so any examples given are only examples. The most important thing is to employ the aid of a computer as little as possible, and never write the password down anywhere. Just my random thoughts.
> Sent from the starship Enterprise
> 
> _______________________________________________
> Blinux-list mailing list
> Blinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/blinux-list




