On Friday, 11 April 2014 at 15:48:45 UTC, Adam D. Ruppe wrote:
On Friday, 11 April 2014 at 15:39:35 UTC, Dicebot wrote:
And blindly using 3rd-party tool for something that critical
just does not make sense.
The most secure password tracker for the majority of people is
a plain piece of paper put away in your desk. The odds that
somebody will physically break into your home/office and grab
your passwords off paper is a lot lower than the odds that some
random browser bug will pwn you.
The odds are a bit higher in the office so work passwords might
be a different story, but still, making somebody go through the
hassle of actually going there in real life is going to set the
bar a LOT higher than a script kiddie with a MitM exploit or
whatever collecting them en masse.
BTW also use complete sentences for passwords. A lot easier to
remember in your brain, easy to vary, and hard for others to
guess. You can use a pattern to easily remember them all. For
example, your reddit password might be "Reddit is a steaming
pile of horse crap!", your twitter password might be "160 characters
per message?! Yeah, right, what a spam haven." and your bank
password would be "Capshort12" because they had the brilliant
idea of truncating passwords at a certain number of
characters.... blargh well it doesn't work everywhere.
But I do something like this, and if I ever forget a password,
I just use the site for a minute, something about it will piss
me off, and then, boom the password comes right back to my mind!
I simply store two functions in my brain:
generatePassword(base, domain, importance)
adjustToIdioticRequirements(password, requirements)
The generation algorithm itself is not the most trivial, but it is
really easy to remember if you do it every single day. No need to
write down anything anywhere.