Posted on 06/16/2015 4:00:20 PM PDT by Kid Shelleen
Clearly, a better policy than mine! While I'd never let all my data end up on some cloud out there, I am being swept up in the fad and my data is slowly leaking out onto various clouds, and I don't like it! Even a seemingly innocuous cloud like Amazon's makes me nervous... What if some jug-eared mommajamma sees what I'm reading and decides I must be Public Enemy #666666? In times like these, one must either lead or lay low -- until it's time to decide whose wagon you're going to hitch up to.
THAT is exactly why I don’t use an external “password manager”. Indeed, if someone cannot keep up with their passwords due to too many different accounts/web sites/etc. - then I might suggest they are over-extending their ability to use the ‘net in a responsible manner.
If it’s online, it can be hacked. If you want a great password manager, download KeePass.
My LastPass master password is consists of on the order of 16 random ascii digits, not related to dictionary words at all. If someone has access to my file cabinet they will be able to hack my account, sounds like... otherwise it will take a Massive Cracking Array Scenario (Assuming one hundred trillion guesses per second) 1.41 hundred million centuries to guess that password. I think I am pretty safe.
Truly my master pass, which evolves in letters and digits and symbols each few months, is based on something no one else would ever know. It was a mnemonic once for a Swiss password. It no longer makes any sense so it is only by reference in my brain over the evolving time if you will, like a story. I think if you have to come up with your own password, it’s a good way to do it.
And if I come to a site where I do not know WHEN I began that password, I only have to imagine back in the “story” to come up with it. Though I do hate the places where you are onl y allowed three tries - sometimes it takes me longer.
I do think that coming up with something that can evolve, say, a sentence, maybe chosen at random from a book or article, and twisted to use letters, numbers, and digits, and then begin a “story” (a nonsense progression that makes sense only to you). The first few months, use the first “sentence” you made, then progress it slightly, at regular intervals. You will never forget what it is based on, and you can write yourself clues writing only the new change you made, say, in June 2015. And so on. Without the Base Pass ever written anywhere.
It can’t be something simple like “cats are cool.” It has to be something with meaning just for you. Like “Cats Pee on the Mountain Door.” Then move forward with your story, but not drastically. Just change one small thing at a time. “Dogs sniff the mountain floor.” Or “cat pee on the mountain floor.” And just keep progressing. This can go on for years and years, totally new passes, with significant but subtle changes each time.
My clue to me might say
May 2014
W/o P;
Which will help me know what the pass is, but it won’t help someone else. And my most serious passes (banking, etc) have a totally different “story” so they will never be the same as a grocery store or ticket website.
Clued password progression works fine for most people. As an enterprise architect, I have multiple passwords that have to be very complex. Letter-based passwords are prone to brute force attacks even with spaces.
For instance, your example of “Dogs sniff the mountain floor” is 29 characters and ~100 bit quality. If you throw in some numbers and symbols, you make it more complex but not much more secure. “D0g5 sn!ff the mount@in fl00r” is still 29 characters but only ~121 bit quality.
My recommendation to most of my admins is to pick two to four random words, separate them with spaces, and pepper in numbers and symbols. Then, practice typing the password over the course of a day. Log into servers with the new password, force your muscles to remember it. What this does is prevents brute force attacks but also avails you of stronger passwords with fewer words.
I will say this: if you have a “flat password,” one with a string of numbers and letters, you make your password orders of magnitude more difficult to hack by adding just a single space.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.