On 07/27/2013 03:24 AM, Tom Metro wrote:
> That's a consideration, but for now you can also apply the philosophy that you don't need to be able to outrun the bear, you only need to be faster than the other guy also trying to outrun the bear. The default behavior around password hygiene is so poor that anyone using LastPass ends up being a hardened target compared to the vast masses.
That is why my hypothetical bad guy was hoping LastPass becomes very common; then it will become fertile ground for theft.
Passwords have a life span; where one puts them has inertia, and decisions made today can stick for years. For example, I was using my Palm Pilot for passwords for well over a decade. Decisions now need to be safe beyond this year.
> So I'm wondering whether your "air-gap" (manually transcribing passwords from another device) has necessitated generating passwords that are less error prone to human reproduction?
Oh, yes. I am a big fan of sensible passwords--and counting entropy in how the password was created.
For example, "8e53-arrow-spell-genetic" is pretty easy to type and remember, yet it has 48 bits of entropy in it. Not enough entropy for an encryption key, but plenty for a password. Entropy doesn't have to be hard to type and impossible to remember.
-kb
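Added example, not part of the original message: a generator for passwords of the shape shown above (hex prefix plus dictionary words) that counts entropy from how the password was created rather than from how it looks. The word list, the function names and the split into 4 hex digits plus 3 words are assumptions; the message does not say which list or tool was used.

```python
import math
import secrets

HEX = "0123456789abcdef"
# Constructed 16-word sample list (assumption); a real list would be far larger.
SAMPLE_WORDS = ["arrow", "spell", "genetic", "harbor", "window", "copper",
                "meadow", "signal", "planet", "velvet", "orchid", "timber",
                "falcon", "ribbon", "garden", "pencil"]

def scheme_entropy_bits(hex_digits, words, wordlist_size):
    """Entropy of the process: independent uniform picks, so the bits add up."""
    return hex_digits * 4 + words * math.log2(wordlist_size)

def min_wordlist_size(target_bits, hex_digits, words):
    """Smallest word list with which the scheme reaches target_bits."""
    remaining = target_bits - hex_digits * 4
    if remaining <= 0:
        return 1
    size = max(1, math.floor(2 ** (remaining / words)))
    while words * math.log2(size) < remaining:  # guard against float rounding
        size += 1
    return size

def generate(wordlist, hex_digits=4, words=3):
    """Return (password, entropy_bits) for a hex prefix followed by random words."""
    # Duplicates and case variants would overstate the entropy, so collapse them.
    unique = sorted({w.lower() for w in wordlist})
    if len(unique) < 2:
        raise ValueError("word list needs at least two distinct words")
    # secrets draws from the OS CSPRNG; words are picked with replacement,
    # which keeps each pick independent and the bit count exact.
    parts = ["".join(secrets.choice(HEX) for _ in range(hex_digits))]
    parts += [secrets.choice(unique) for _ in range(words)]
    return "-".join(parts), scheme_entropy_bits(hex_digits, words, len(unique))

if __name__ == "__main__":
    password, bits = generate(SAMPLE_WORDS)
    print(password, f"{bits:.1f} bits")
    print("words needed for 48 bits:", min_wordlist_size(48, 4, 3))
```

The count only holds if every part is chosen by the generator; a hand-picked word contributes far fewer bits than the list size suggests.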
