On Wed, Jan 30, 2013 at 8:59 AM, Jon Bringhurst <[email protected]> wrote:
> For my home server I use a yubikey to connect via ssh.
Way cool, I had heard of yubikey and possible acquisition/partnering with
google. It was in the "google declares war on passwords" article:
http://www.wired.com/wiredenterprise/2013/01/google-password/all/
I'll give it a try.
> For everything else, I use lastpass. You can also use a yubikey for
> two-factor with lastpass.
>
Lastpass, 1password, keepass et al make sense. I've used one of them for a
little over a year simply to remember *where* I have accounts. I don't yet
trust the idea of a unique random string for all my logins. I really want
a human rememberable password, again unique but with a formula. The
problem is making sure if one pw is seen in the clear, all can't be
generated by discovering the formula.
Do you use long random strings, non-human memorable?
> I'd also like to point out that the entropy of a password isn't exactly
> the best metric. For example, it would take about 8.52 hundred-million
> centuries to guess the password "0wen............", but only 18.62
> centuries to guess "B&ITu6rv^BF" (at about one-hundred billion guesses per
> second).
>
Agreed, certainly the idea of obscurity with letters etc is becoming less
effective. But alas, the heuristics now being used would certainly
discover 0wen............ in less than combinatoric time.
> You might want to consider picking a longer password, but one that's much
> easier to remember.
Yup, I'm doing that.
Thanks for the details, nice to know.
-- Owen
============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
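
Added example, not part of the original messages: a Python version of the two estimates discussed in this thread, the exhaustive-search time behind the quoted figures and a rule-based estimate of the kind the reply alludes to when it mentions heuristics. The 33-symbol alphabet (punctuation plus space), the wordlist size, the variant count and the padding limit are assumptions chosen for illustration.

```python
import re
import string

RATE = 1e11                          # guesses per second, as quoted in the thread
CENTURY = 100 * 365.25 * 24 * 3600   # seconds per century
SYMBOLS = string.punctuation + " "   # 33 symbols (assumption: space is counted)

def alphabet_size(pw):
    """Alphabet an exhaustive search must cover, from the character classes used."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (SYMBOLS, 33)]
    return sum(n for chars, n in classes if any(c in chars for c in pw))

def exhaustive_seconds(pw, rate=RATE):
    """Time to try every string of length 1..len(pw) over that alphabet."""
    n = alphabet_size(pw)
    return sum(n ** k for k in range(1, len(pw) + 1)) / rate

def split_padding(pw, min_run=3):
    """Return (core, pad_char, pad_len) if pw ends in a run of one repeated char."""
    m = re.fullmatch(r"(.+?)(.)\2{%d,}" % (min_run - 1), pw, re.S)
    return (m.group(1), m.group(2), len(pw) - len(m.group(1))) if m else None

def padded_word_seconds(pw, words=1_000_000, variants=100, max_pad=20, rate=RATE):
    """Guess time under an assumed rule: wordlist entry x substitution variants
    x one repeated pad character (95 printable) x pad length up to max_pad.
    Returns None when pw has no trailing padding. Assumes the core is reachable
    from the wordlist; every size here is illustrative, not measured."""
    if split_padding(pw) is None:
        return None
    return words * variants * 95 * max_pad / rate

if __name__ == "__main__":
    for pw in ("0wen............", "B&ITu6rv^BF"):
        brute = exhaustive_seconds(pw) / CENTURY
        rule = padded_word_seconds(pw)
        print(f"{pw!r}: exhaustive {brute:.3g} centuries, "
              f"padded-word rule {'n/a' if rule is None else f'{rule:.2f} s'}")
```

The exhaustive figures land close to the ones quoted above, while the padded-word rule only applies to the first password and depends entirely on the assumed rule sizes.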