On Wed, Jan 30, 2013 at 10:27 AM, Barry MacKichan <[email protected]> wrote:

> I'll provide a data point, FWIW.

This is great, thanks.

> We are moving our companies' servers to Amazon, and generally we have only
> the ssh port open in addition to any public-facing ports necessary for that
> particular machine, such as http and https. All ssh authentication is done
> by public keys. I have passphrases on any private keys that are on machines
> that I take out of the office -- my iPhone and iPad and laptop.

I'm using pub key crypto for my hosting service and my home "server" .. Mac mini. My passphrase is in Italian but not very long.

> I love 1Password. I have about 208 passwords stored in it. There's no way
> I could remember a fraction of them, so this is what makes having a
> separate password for every site possible. The 1Password database is
> encrypted and on Dropbox, so all my devices and PCs share the same database.

1P is the manager I chose too, and also with DB. DB is offering 2-factor so I may try it, but 1P warns of some difficulties.

> I also have a handful of "rememberable" passwords for my laptop login, my
> Apple ID, and my DropBox password.

OK, so you mix 1P-generated pws along with your own? Interesting idea .. that may be good for banks, cards etc.

> There was a famous hack last summer where a hacker got control of a
> person's iCloud mail account.

Mat Honan's amazing story, yeah. I included two links in earlier mail and was amazed at his after-story: meeting Paranoid and becoming expert enough that for $4 he could steal anyone's ID and wreck their digital world. Interesting that he placed a LOT of emphasis on backup strategies.

> Once he had that, he was able to change passwords on a number of other
> accounts by using the "Forgot password?" links. Then he remotely wiped the
> user's laptop, phone, and iPad. The moral there was that the Dropbox
> account, holding the remaining copy of the 1Password database, needs to be
> accessible without 1Password.
>
> One of my employees has a program that will generate memorizable 11
> character passwords; it knows enough about word structure that it makes
> nonsense words that can be pronounced. Very useful.

That sounds interesting. Do you remember its name? Possibly the black hats have incorporated a heuristic for that too.

> My one password to open 1Password is memorized, 27 characters long, and
> generated by the "roll 6 dice, map the result to a word from this
> dictionary, and repeat 5 times" algorithm.

That's a lot of typing! Even on a phone?

> --B
>
>
> On Jan 29, 2013, at 9:26 AM, Owen Densmore wrote:
>
> > I realize password managers (keepass, 1password, ..) can generate
> > gibberish passwords, any length you'd like. But it'd be nice to be
> > able to remember them yourself. Besides, password managers don't work
> > everywhere in these days of the "app" because they are browser
> > centric.
> >
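As an added example (not code from this thread, and not the employee's program Barry mentions): a Python implementation of the dice-to-word passphrase scheme Barry describes, next to a simple pronounceable-password generator, with an entropy estimate for each so the two approaches in the thread can be compared. The 36-word list is constructed for the example and addressed by two dice; a real Diceware list has 6^5 = 7776 words addressed by five dice, which the entropy figure assumes. The pronounceable generator (alternating consonant/vowel drawn with a CSPRNG) is an assumed model standing in for the unknown program, and its entropy figure is what an attacker who has "incorporated a heuristic for that" would be searching.

```python
import math
import secrets

# Constructed stand-in word list: 36 = 6**2 entries, so two dice pick a word.
# A real Diceware list has 6**5 = 7776 entries addressed by five dice.
WORDS = [
    "acid", "bark", "cave", "dust", "echo", "fern",
    "gate", "hill", "iris", "jade", "kelp", "lamp",
    "moss", "nest", "oath", "pine", "quay", "reef",
    "sage", "tide", "urn", "vine", "wasp", "yarn",
    "zinc", "arch", "bolt", "clay", "dawn", "elm",
    "flax", "gulf", "husk", "inch", "jolt", "knot",
]

# Assumed alphabet for the pronounceable generator (20 consonants, 5 vowels).
CONSONANTS = "bcdfghjklmnprstvwxyz"
VOWELS = "aeiou"


def dice_per_word(list_size):
    """Number of dice needed to address a list; the size must be a power of 6."""
    k = round(math.log(list_size, 6))
    if 6 ** k != list_size:
        raise ValueError("word list size must be a power of 6")
    return k


def roll_to_index(roll):
    """Map a dice string such as '31' (faces 1..6) to a zero-based base-6 index."""
    index = 0
    for face in roll:
        if face not in "123456":
            raise ValueError(f"bad die face {face!r}")
        index = index * 6 + int(face) - 1
    return index


def passphrase_from_rolls(rolls, words=WORDS):
    """Deterministic core: turn a list of dice strings into a passphrase."""
    k = dice_per_word(len(words))
    chosen = []
    for roll in rolls:
        if len(roll) != k:
            raise ValueError(f"each roll needs {k} dice, got {roll!r}")
        chosen.append(words[roll_to_index(roll)])
    return " ".join(chosen)


def roll_dice(n):
    """Roll n fair dice using the OS CSPRNG (secrets), never random.random."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(n))


def diceware_passphrase(n_words=5, words=WORDS):
    """Barry's scheme: roll dice, look up a word, repeat n_words times."""
    k = dice_per_word(len(words))
    return passphrase_from_rolls([roll_dice(k) for _ in range(n_words)], words)


def pronounceable_password(length=11):
    """Assumed model of a pronounceable generator: alternate consonant, vowel."""
    return "".join(
        secrets.choice(CONSONANTS if i % 2 == 0 else VOWELS) for i in range(length)
    )


def passphrase_entropy_bits(n_words, list_size=7776):
    """Bits of entropy when each word is an independent uniform draw."""
    return n_words * math.log2(list_size)


def pronounceable_entropy_bits(length=11):
    """Entropy of the alternating model; far below n_chars * log2(26)."""
    n_cons = (length + 1) // 2
    n_vow = length // 2
    return n_cons * math.log2(len(CONSONANTS)) + n_vow * math.log2(len(VOWELS))


if __name__ == "__main__":
    print("passphrase:", diceware_passphrase(5))
    print("5 Diceware words:", round(passphrase_entropy_bits(5), 1), "bits")
    print("pronounceable:", pronounceable_password(11))
    print("11-char pronounceable:", round(pronounceable_entropy_bits(11), 1), "bits")
```

Five words from a 7776-entry list give about 64.6 bits regardless of which words come up, because the strength lives in the dice, not in the user's choice. The 11-character pronounceable word in this model is worth roughly 37.5 bits, which is why an attacker who knows the generator's structure can enumerate it rather than brute-force 26^11 strings.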
============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
