
Re: passwords + bad memory - Was (Re: how to test disk for bad sector)




On 9/1/20 17:39, rhkramer@gmail.com wrote:
> On Tuesday, September 01, 2020 02:42:50 PM Mike McClain wrote:
>> On Mon, Aug 31, 2020 at 09:41:06PM +0000, Long Wind wrote:
>> <snip>
>>
>>> my memory is poor, i can't remember many accounts and passwords
>>
>>     The more experience you have the harder it is to find the
>> memory you're searching for. That's my story and I'm sticking to it.
> 
> +1 ;-)
> 
>>     Mnemonics can make passwords relatively easy to remember and can
>> be very secure if chosen carefully.
>>     Mom's birthday is 5 May 1919, a secure password is *M05o05m19m19a?
>> I have an AT&T account and an address I haven't lived at in 50 years is
>> 5535 El Campo, Ft. Worth, Texas 75107, so :A5535t75107t;.
>>     That should give you the idea, a mix of upper and lower case,
>> numerals and punctuation selected from things no longer current can make
>> good passwords easy to remember.
> 
> That can be a good approach, but a modern approach seems to be tending towards 
> multiple whole words, e.g. "book swimming Wednesday conduct" (all together as 
> a password).
> 
> A password like this can be easier for a person to remember (especially if you 
> create a mnemonic to go with it) and be harder for a computer to guess.

Four randomly chosen words from the Oxford English Dictionary would be
comparable to a 14 character random (or cryptographically secure
pseudorandom) string chosen from upper and lower case letters and digits.

Much is made of the fact that most people can remember a string of words
more effectively than a meaningless string of letters and numbers.
However, that is not at all self-evident if the common recommendation of
unique and unrelated authentication secrets per account is incorporated.
I have, overall, more than a hundred distinct accounts on systems and
with vendors, nearly all of them unique; I find a password manager
(KeePassX) a much easier way to generate and manage the authentication
secrets, and use a pass phrase word combination only to secure the
password database.

Regards,
Tom Dial

> 
> I've read articles about the approach, but don't remember enough to explain it 
> very well.
> 
> 
> 
>>     GRC.com has a password checker
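
Added example, not part of any poster's message: a sketch of how the word-passphrase versus random-string comparison in the reply above can be computed, and how a passphrase is drawn with a cryptographically secure generator. The word list size is a parameter because the thread gives no dictionary size; the 7776-word figure (a dice-style list) and the 2**21 figure are assumptions, and DEMO_WORDS is a constructed list far too small for real use.

```python
import math
import secrets

ALNUM = 62  # upper case + lower case + digits, the alphabet named in the reply

# Constructed demo list; a real list needs thousands of entries.
DEMO_WORDS = ["book", "swimming", "wednesday", "conduct",
              "lantern", "gravel", "orbit", "pickle"]


def passphrase_bits(n_words, list_size):
    """Entropy in bits of n_words drawn uniformly and independently."""
    return n_words * math.log2(list_size)


def equivalent_alnum_chars(bits):
    """Length of a uniformly random alphanumeric string with the same entropy."""
    return bits / math.log2(ALNUM)


def words_needed(target_chars, list_size):
    """Smallest word count that matches target_chars random alphanumerics."""
    target_bits = target_chars * math.log2(ALNUM)
    return math.ceil(target_bits / math.log2(list_size))


def generate_passphrase(words, n_words):
    """Draw n_words with the OS CSPRNG; duplicates in the list are removed
    first so every word is equally likely."""
    unique = sorted(set(words))
    return " ".join(secrets.choice(unique) for _ in range(n_words))


if __name__ == "__main__":
    for size in (7776, 2**21):  # assumed list sizes, not from the thread
        bits = passphrase_bits(4, size)
        print(f"4 words from {size} entries: {bits:.1f} bits, "
              f"about {equivalent_alnum_chars(bits):.1f} random characters; "
              f"{words_needed(14, size)} words match 14 characters")
    print("demo passphrase:", generate_passphrase(DEMO_WORDS, 4))
```

The entropy figures hold only when the words are chosen by the generator, not picked by the person.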

