Password strength, password management, password memorization, password bla bla bla. We spend half a day writing (or saving in browser) password fo...
For further actions, you may consider blocking this person and/or reporting abuse
Hmm, what about password managers? They'll generate passwords with much higher entropy. I'd rather stick to them.
Sure, if you always work on the same pc. But if you have to login on a foreign computer, or you don't have your phone at hand, you are lost.
On the other hand, if you have your memory wiped, you have far more problems than logging on GitHub! π
What about LastPass ?
It's an online password manager, also includes plugins for different browsers (so you don't have to "copy & paste" password nor username from your local password manager).
I've been using it for a long time and I'm very satisfied with it
I'd prefer 1Password, but it is not free (i.e. gratis).
Online password manager need you to trust them. I use Chrome password management, because I think Google is big enough to keep an "evil legal" alignment. Smaller companies... well, I don't trust them. But it's just my opinion :-)
Don't forget the cli
Sometimes you need password not only for web pages/services. Chrome won't help you with that.
Yes, that's why I always have encrypted pw database back-up on USB drive :)
But I understand the issue with mobile devices and foreign computers, that is valid point.
Remember a friend from college had a similar strategy.
Start with the name of the site (take dev.to), put your finger on the "d" and then do a dance on the keyboard:
As long as you remembered the dance, you had a password.
*This was before password managers were a thing.
And as long you stay on QWERTYβ¦
With #MessagEase you are lost!! π
I would highly recommend using a verified online password provider such as LastPass, 1Password and so on. These offer significant value above and beyond simply remembering your passwords for you, such as knowing which have been compromised, and filling them in (only on the right site, too).
The best password is what no one knows, not even yourself. Use a password manager and generate long passwords.
If you use a scheme then you weaken your passwords and giving a chance to break them.
I used to have a similar process to create my passwords.
I had issues with these passwords: some site doesn't allow the special character I used, some other site thinks that my password is too long and so on, there are many different ways where my scheme didn't work. So I needed to add exceptions, change the algorithm and after all it was hard to use my own scheme.
Now I only use randomly generated passwords, I adjust it's length and character set to the site if needed.
One more important thing is that with a scheme it's hard to change the password. For one domain you have one password or need to alter your scheme but often it's still won't work. You know there are different checks that my new password should not be similar to the previous.
But worth mentioning that it's still better than using the same password everywhere. It's not tied to birthday or pet name, but there are weaknesses too.
Last year I wrote a package based on BIP39 that generates private keys based on 12+ easy to remember words, used for crypto wallets, it was fun.
Passphrases are harder to crack and easier to remember (than "regular passwords"), but most websites enforce to stupid arbitrary rules to have special characters that are anti-humans, so I use OpenID providers as much as I can.
And Chrome now recognize register forms and recommend passwords like a manager.
Amazing how security-aware people recommend password managers as a service, that are a single point of failure and a place with all your passwords. For me sounds the opposite of safe, but in the end so is the Chrome password manager or a notebook ...
Has anyone out there seen The Bank Dick with W. C. Fields. In the movie, they had to rehire him because nobody could find anything in his files. The difficulty in finding information in my house is similar. So I have to wonder how much effort it would take to break into my house, go through all my papers, and find the desired information. So what I aim for is a system that will take far more effort to hack than my information is worth. It's not really all that difficult. Everybody talks about the possibility of a reverse dictionary attack, but that is only usable if they can obtain a copy of the hashes of the passwords. That is why UNIX put in the shadow password file. Where the password file was public, the shadow file was not and that is where the sensitive information was placed. Since most systems limit the number of accesses a second, the movies where a hacker tests a billion passwords a second just isn't practical. Also, many systems allow you to change passwords with your email account and phone number. Malicious actors are generally looking for a very low cost per account. So I'm not that worried about the password managers so long as I use reputable ones. If you have really sensitive information, you shouldn't be relying on passwords or two-factor authentication alone.