> From: Discuss [mailto:[email protected]] On
> Behalf Of Rich Braun
>
> It's 2016 and the whole concept of passwords for user auth is obsolete;
> they're hard to remember, don't get changed enough, and fairly easy to
> break.

*cough*

There are very real weaknesses to using passwords, sure, but to say it's
obsolete means you're living on a different planet.

> If you're relying solely on a memorized pass-phrase to access anything via a
> public IP address, you're not doing it right these days. Does this include
> you?

Seriously, what you just said is impossible. Even if you're using a password
manager, or some type of cloud storage (something other than a USB fob) to keep
some sort of private key with you at all times, backed up and safe from
compromise by a pickpocket or mugger...

You have to log in to your password manager with a password.

The right thing to do is memorize one really strong password, and use it to
secure all your other randomly generated passwords.

PS. Something I'm working on right now is a cryptographic random sentence
generator using small words (2-4 chars). Sentences like:

    ads have down if god fits last
    seas date max as air uses zone
    land tries fair and rock owns sign

These are easily memorizable, and about 40 bits each. Certainly strong enough
to use in a password manager to protect against thugs. String a couple of them
together and it would be strong enough to thwart sophisticated attacks, and if
you string 3 of them together it would be sufficient to thwart a hostile
government.
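
A sketch of the kind of generator the PS describes, added here as an example and not the poster's code: the seven-slot template, the word lists and every function name are assumptions. The lists are constructed samples of 8 words each, so a sentence carries 21 bits; with seven equally sized slots, the roughly 40 bits per sentence quoted above needs 53 words per slot.

```python
import math
import secrets

# Constructed word lists (assumption): one list per sentence slot, words of
# 2-4 letters. Eight words per slot means each slot contributes log2(8) = 3 bits.
SLOTS = [
    ["ads", "seas", "land", "cats", "men", "owls", "boys", "kids"],    # plural subject
    ["have", "date", "try", "like", "see", "want", "need", "find"],    # verb
    ["down", "max", "fair", "red", "big", "old", "new", "hot"],        # object
    ["if", "as", "and", "or", "but", "so", "yet", "for"],              # conjunction
    ["god", "air", "rock", "ice", "man", "fog", "sun", "rain"],        # singular subject
    ["fits", "uses", "owns", "eats", "gets", "hits", "runs", "cuts"],  # verb
    ["last", "zone", "sign", "gold", "mud", "tea", "art", "wax"],      # object
]


def sentence_bits(slots=SLOTS):
    """Entropy of one sentence: sum of log2(distinct words) over the slots.

    Strength comes from the list sizes, not from how long the sentence looks.
    """
    return sum(math.log2(len(set(words))) for words in slots)


def generate_sentence(slots=SLOTS):
    """Pick one word per slot, uniformly, from the OS CSPRNG via secrets."""
    return " ".join(secrets.choice(words) for words in slots)


def words_per_slot_for(target_bits, n_slots=len(SLOTS)):
    """Smallest equal list size per slot that reaches target_bits per sentence."""
    size = 2
    while n_slots * math.log2(size) < target_bits:
        size += 1
    return size


def passphrase(target_bits, slots=SLOTS):
    """Chain independent sentences until the total entropy reaches target_bits."""
    per_sentence = sentence_bits(slots)
    count = math.ceil(target_bits / per_sentence)
    phrase = " ".join(generate_sentence(slots) for _ in range(count))
    return phrase, count * per_sentence


if __name__ == "__main__":
    phrase, bits = passphrase(40)
    print(f"{phrase}  ({bits:.0f} bits with the sample lists)")
```

The entropy figure only holds if every word is drawn independently and the sentence is used as generated; rerolling until one "looks nice" lowers it.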