Re: One-line password generator
On Tue 22 Aug 2017 at 15:14:37 -0500, Mario Castelán Castro wrote:
> On 22/08/17 14:46, Brian wrote:
> > Wow! Can you suggest something which gives one teensy-weensy bit of
> > memorability?
>
> I do not recommend “memorable passwords” at all. The reasons are as
> explained next.
You can recommend what you want but give me
IhaveaMemorablePasswordwhichIwillnotforget!
as opposed to
WVAq7XLM4va6e1A4Bb4+Zw
You will now explain why the first one will be broken in the next
100 years. I'm past caring after that.
> If the password is not important (for example, account of web forums)
> then you can use store it in a plain text file or a password manager.
> Firefox has a built-in password manager which works fine. Here
> memorability does not matter at all, as you just have to copy and paste,
> or let the password manager fill it automatically. Anyway, one could not
> memorize enough passwords for all the things that require one (esp. web
> sites).
You are digressing. Every password is important. Basing a password on
the perceived imortance of an account is unwise. What Firefox has is of
no great consequence when it comes to memorability.
For one of my web forums:
M92FGisthepostcodeformyhomeaddress
A weak password?
> If the password is important, then for a reasonable amount of entropy, a
> memorable password will be too long and VERY slow to input. I suggest
> the following approach:
Stick entropy. It is highly unlikely that a password is broken because
it is not in the 128-bit entropy category.
> Generate a 3-bit long password, for example:
>
> mario@svetlana [0] [/home/mario]
> $ head -c 3 /dev/urandom | base64
> w5eJ
>
> Write it in a paper or leave it in the terminal. Invent a mnemonic for
> it or just memorize as is. In this case, I can think of “_W_ill has _5_
> fingers in _each_ _J_and (hand spelled wrong)”.
Fine. But where is the improvement over
Willhas5fingerson_each_Jand
as a password? A bit longer to type, perhaps, but not spectacularly so.
--
Brian.
Reply to: