
Re: dropbox security situation



On Tue, 10 Dec 2019 06:56:15 -0600
John Hasler <jhasler@newsguy.com> wrote:

> I wrote:
> > Bruce Schneier recommends writing passwords down and then keeping the
> > document containing them secure.
> 
> Andrei writes:
> > Not everybody has the luxury of typing password without danger of
> > someone taking a peek over the shoulder.
> 
> True but the admonition isn't "Don't write down passwords if you cannot
> read them back securely".  It's "Never, ever, ever write down a password
> no matter what!"  In the current environment bad passwords are a far
> greater threat than that of friends or co-workers sneakily reading them.
> Common sense applies.  Writing down passwords doesn't mean you have to
> read them aloud while sitting at a hotel bar.

Arnold Reinhold (the Diceware creator) agrees with Schneier:

Should I write down my passphrase?

This is a very important question. Much advice says never write down
your passphrase under any circumstances. I strongly disagree, as do many
other security experts.

Most people are more afraid of forgetting their own passphrase than
they are of having it stolen. As a result they tend to pick passphrases
that are far too weak. I actually did a small survey on this question
and the results support my view. See
http://world.std.com/~reinhold/passphrase.survey.asc

Also many people need dozens of passwords or passphrases for different
programs and web sites. Remembering them all can be difficult,
particularly those that are used infrequently. For most people it is
better to pick strong passphrases, write them down and keep them in a
very safe place. There may be legal advantages to memorizing your key,
however.

http://world.std.com/%7Ereinhold/dicewarefaq.html

Celejar

