For my home server I use a yubikey to connect via ssh. For everything else, I use lastpass. You can also use a yubikey for two-factor with lastpass.
I'd also like to point out that the entropy of a password isn't exactly the best metric. For example, it would take about 8.52 hundred-million centuries to guess the password "0wen............", but only 18.62 centuries to guess "B&ITu6rv^BF" (at about one-hundred billion guesses per second). You might want to consider picking a longer password, but one that's much easier to remember.

-Jon

On Jan 29, 2013, at 9:26 AM, Owen Densmore wrote:

> Well, yet another scare today ... an email to me from the name of
> someone I know but from a bogus email address. You know: "best
> friend" <[email protected]>.
>
> So I've looked into cranking up the password security a bit.
>
> It seems that the two most important ideas are:
> 1 - Long passwords
> 2 - Unique passwords, different for each site
>
> I realize password managers (keepass, 1password, ..) can generate
> gibberish passwords, any length you'd like. But it'd be nice to be
> able to remember them yourself. Besides, password managers don't work
> everywhere in these days of the "app" because they are browser
> centric.
>
> So looking into common pw formulas, like http://healthypasswords.com/
> & lifehacker http://goo.gl/hZ5rB propose, the site specific stunt is
> something like: az@xxxxx!yyy "sandwich" where I have a core xxxx or
> set of them, with prefix/postfix identifiers. In this case, az for
> amazon, and yyy for something else like b00ks. And yes you can
> scramble where az goes etc, but once a formula is seen, it's not going
> to be that hard to figure it out for google etc.
>
> Thus, even tho long and unique, it still could be fragile.
>
> So the choice does appear to be either a password manager and
> gibberish, or a nifty, human rememberable system that may be fragile.
>
> Has anyone tried the two-factor stunt? Google uses sms & your phone.
> I don't know what it would be like to use, but many sites lately allow
> you to login via google, facebook and others, so if the google login
> is 2-factor secure, maybe that's a good solution? Seems like it might
> be a pain and fail if your phone isn't working.
>
> -- Owen
>
> ============================================================
> FRIAM Applied Complexity Group listserv
> Meets Fridays 9a-11:30 at cafe at St. John's College
> to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
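
Added example (not part of the original messages): a brute-force search-space estimate for the two passwords compared in the reply, assuming exhaustive search over the union of character classes each password uses (95 printable ASCII characters in total) and a 365.25-day year. `padded_pattern_space` is a hypothetical model of a guesser who anticipates a "short core plus repeated padding" structure; the results are of the same order as the figures quoted in the reply but are not expected to match them exactly.

```python
import string

GUESSES_PER_SECOND = 100e9  # rate quoted in the reply
SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 3600  # assumption: 365.25-day year

# Character classes of printable ASCII: 26 + 26 + 10 + 33 = 95.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation) | {" "},
}


def alphabet_size(password):
    """Size of the union of character classes the password draws from."""
    size = 0
    for chars in CLASSES.values():
        if any(c in chars for c in password):
            size += len(chars)
    return size


def brute_force_space(password):
    """Candidates an exhaustive search tries up to and including this length."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def centuries_to_exhaust(guesses, rate=GUESSES_PER_SECOND):
    return guesses / rate / SECONDS_PER_CENTURY


def padded_pattern_space(core_len, max_pad, core_alphabet=95):
    """Hypothetical model: core of 1..core_len printable characters followed
    by 1..max_pad copies of a single symbol (an assumption, for illustration)."""
    cores = sum(core_alphabet ** k for k in range(1, core_len + 1))
    return cores * len(CLASSES["symbol"]) * max_pad


if __name__ == "__main__":
    for pw in ("0wen............", "B&ITu6rv^BF"):
        c = centuries_to_exhaust(brute_force_space(pw))
        print(f"{pw!r}: alphabet {alphabet_size(pw)}, {c:.3g} centuries")
    pattern = padded_pattern_space(core_len=4, max_pad=20)
    print(f"pattern-aware: {pattern / GUESSES_PER_SECOND:.3g} seconds")
```

The padding only buys time against blind exhaustive search; under the pattern-aware model the same candidate falls inside a space that is covered in under a second at the quoted rate.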
