
Re: Can't create a password successfully.



On Sun, 3 Apr 2022 22:45:27 -0700
David Christensen <dpchrist@holgerdanske.com> wrote:

> On 4/3/22 21:07, ghe2001 wrote:

> > I kinda thought it probably was.  It's pretty obvious.  The idea is
> > to generate a bunch of gibberish that could be easily remembered.  
> 
> It's not gibberish; it has meaning.  The meaning is what makes the 
> password both memorable and weak.

I concur with David. The fundamental problem with using clever formulas
to come up with memorable passwords is that clever formulas are
reproducible. The "dictionary" from which a modern password cracker
draws its guesses has nothing to do with what is and isn't "a
dictionary word". Rather, it's a purpose-built word list, informed by
years of statistical analysis of millions of real-world passwords
leaked from previous breaches. Actual randomness is the only reasonably
effective way to make a password hard to guess.

Trying to come up with unique, sufficiently random passwords for every
website, service, and so forth — and *remember* all those passwords —
is a real problem at any age. I would strongly suggest using a password
manager. Make sure the master password to unlock the password manager
is really strong. But then you only have one password to remember, and
you can have an effectively unlimited number of unique, random, strong
passwords. Personally, I use KeePassXC with a self-hosted Syncthing
instance to sync the password file to all my devices. If you're not up
for self-hosting, there are some cloud-based password managers with
decent security too, e.g. Bitwarden.

For the specific challenge of *generating* passwords that are both
genuinely random and reasonably memorable, you might want to take a
look at the "diceware" approach, which is to start with a list of
several tens of thousands of actual English words and use a
high-quality random number generator to pick a few words from the list.
As a helpful little bonus, most password managers nowadays come with a
password generator built-in, which in many cases can be configured to
generate a diceware passphrase instead of a gibberish string of
characters.

Cheers!
 -Chris
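The diceware approach Chris describes, as an added example that is not part of the thread: draw words from a list with a cryptographic RNG and estimate the resulting entropy. The word list below is a constructed stand-in; the entropy figures for a 7776-word list (the size of the common EFF list) depend only on list size and word count.

```python
# Added example (not from the mailing-list thread): a diceware-style
# passphrase generator and an entropy estimate for it, using Python's
# secrets module (a CSPRNG) rather than the non-cryptographic random module.
import math
import secrets
from typing import Sequence

# Constructed stand-in for a real diceware list (e.g. 7776 words, one per
# roll of five dice). The mechanics are the same for any list; only the
# entropy changes with the list size.
SAMPLE_WORDS = [
    "acorn", "basket", "candle", "dolphin", "ember", "falcon", "garnet",
    "harbor", "island", "jungle", "kettle", "lantern", "meadow", "nectar",
]


def generate_passphrase(words: Sequence[str], count: int = 6, sep: str = " ") -> str:
    """Pick `count` words uniformly at random from `words` using a CSPRNG."""
    if count < 1 or not words:
        raise ValueError("need at least one word and a non-empty word list")
    unique = sorted(set(words))  # duplicate entries would bias the draw
    return sep.join(secrets.choice(unique) for _ in range(count))


def passphrase_entropy_bits(list_size: int, count: int) -> float:
    """Entropy of `count` independent uniform draws from `list_size` words."""
    return count * math.log2(list_size)


def words_needed(list_size: int, target_bits: float) -> int:
    """Smallest word count whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    phrase = generate_passphrase(SAMPLE_WORDS, count=6)
    print(phrase)
    print(f"{passphrase_entropy_bits(len(SAMPLE_WORDS), 6):.1f} bits from this toy list")
    print(f"{passphrase_entropy_bits(7776, 6):.1f} bits from a 7776-word list")
    print(words_needed(7776, 80), "words of a 7776-word list reach 80 bits")
```

Entropy comes from the size of the list and the number of draws, not from how the words look, which is why a six-word draw from a 7776-word list is far stronger than any formula-derived password of similar length.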