Re: passwords + bad memory - Was (Re: how to test disk for bad sector)
On 9/1/20 17:39, rhkramer@gmail.com wrote:
> On Tuesday, September 01, 2020 02:42:50 PM Mike McClain wrote:
>> On Mon, Aug 31, 2020 at 09:41:06PM +0000, Long Wind wrote:
>> <snip>
>>
>>> my memory is poor, i can't remember many accounts and passwords
>>
>> The more experience you have the harder it is to find the
>> memory you're searching for. That's my story and I'm sticking to it.
>
> +1 ;-)
>
>> Mnemonics can make passwords relatively easy to remember and can
>> be very secure if chosen carefully.
>> Mom's birthday is 5 May 1919, a secure password is *M05o05m19m19a?
>> I have an AT&T account and an address I haven't lived at in 50 years is
>> 5535 El Campo, Ft. Worth, Texas 75107, so :A5535t75107t;.
>> That should give you the idea, a mix of upper and lower case,
>> numerals and punctuation selected from things no longer current can make
>> good passwords easy to remember.
>
> That can be a good approach, but a modern approach seems to be tending towards
> multiple whole words, e.g. "book swimming Wednesday conduct" (all together as
> a password).
>
> A password like this can be easier for a person to remember (especially if you
> create a mnemonic to go with it) and be harder for a computer to guess.

Four randomly chosen words from the Oxford English Dictionary would be
comparable to a 14 character random (or cryptographically secure
pseudorandom) string chosen from upper and lower case letters and digits.
Much is made of the fact that most people can remember a string of words
more effectively than a meaningless string of letters and numbers.
However, that is not at all self-evident if the common recommendation of
unique and unrelated authentication secrets per account is incorporated.
I have, overall, more than a hundred distinct accounts on systems and
with vendors, nearly all of them unique; I find a password manager
(KeePassX) a much easier way to generate and manage the authentication
secrets, and use a pass phrase word combination only to secure the
password database.

Regards,
Tom Dial

>
> I've read articles about the approach, but don't remember enough to explain it
> very well.
>
>
>
>> GRC.com has a password checker
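
The comparison made in the reply above, between a passphrase of random words and a random string of letters and digits, can be worked through numerically. This is an added example, not code from anyone in the thread. It assumes every word or character is drawn independently and uniformly at random; the 7776-word dictionary size (the length of the Diceware list) and the sample wordlist are assumptions, not figures from the thread.

```python
import math
import secrets
import string

ALNUM = string.ascii_letters + string.digits  # 62 symbols: upper, lower, digits

def entropy_bits(choices: int, length: int) -> float:
    """Entropy of `length` independent, uniform picks from `choices` options."""
    if choices < 2 or length < 1:
        raise ValueError("need at least 2 choices and 1 pick")
    return length * math.log2(choices)

def equivalent_chars(dict_size: int, n_words: int, alphabet_size: int = len(ALNUM)) -> float:
    """Length of a random string with the same entropy as an n-word passphrase."""
    return entropy_bits(dict_size, n_words) / math.log2(alphabet_size)

def words_needed(dict_size: int, n_chars: int, alphabet_size: int = len(ALNUM)) -> int:
    """Fewest random words that match or exceed an n-character random string."""
    return math.ceil(entropy_bits(alphabet_size, n_chars) / math.log2(dict_size))

def random_string(n_chars: int = 14, alphabet: str = ALNUM) -> str:
    """Per-account secret of the kind a password manager generates."""
    return "".join(secrets.choice(alphabet) for _ in range(n_chars))

def passphrase(wordlist, n_words: int = 4) -> str:
    """Word passphrase, e.g. for the password database itself."""
    words = sorted(set(wordlist))  # duplicates would skew the distribution
    if len(words) < 2:
        raise ValueError("wordlist too small")
    return " ".join(secrets.choice(words) for _ in range(n_words))

# Constructed sample list, far too small for real use (8 words = 3 bits per word).
SAMPLE_WORDS = ["book", "swimming", "wednesday", "conduct",
                "lantern", "orbit", "maple", "harbor"]

if __name__ == "__main__":
    dict_size = 7776  # assumption: Diceware-sized list
    print(f"14 random chars   : {entropy_bits(len(ALNUM), 14):.1f} bits")
    print(f"4 words of {dict_size}   : {entropy_bits(dict_size, 4):.1f} bits "
          f"(~{equivalent_chars(dict_size, 4):.1f} random chars)")
    print(f"words to match 14 : {words_needed(dict_size, 14)}")
    print("sample string     :", random_string())
    print("sample passphrase :", passphrase(SAMPLE_WORDS))
```

The result depends heavily on the dictionary size passed in, and it holds only for words picked by a random generator, not words a person chooses.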