[conspire] storing passwords
Don Marti
dmarti at zgp.org
Thu Apr 6 15:17:10 PDT 2017
begin Rick Moen quotation of Thu, Mar 30, 2017 at 11:44:02AM -0700:
> Quoting Paul Zander (paulz at ieee.org):
>
> > I totally understand the need to have different passwords for different accounts. I also seem to have a limit on the number of brain cells for this.
>
> This is a wise and astute comment. The biggest problem with passwords
> is that we need to create, reliably remember, and occasionally change
> quite a lot of them, that any compromising of password complexity
> or duplication makes them a lot weaker, and that the human brain simply
> can't do all that.
Things that people are really bad at: remembering
strings of high-entropy text.

Thing that most web site security depends on: making
users remember strings of high-entropy text.

I use "pass" which I can sync among devices without
trusting the server too much:
https://www.passwordstore.org/

You do have to have GPG working first (and it helps
to know git), but once you have that it's pretty
straightforward.

protip: if you want to keep people who do web
development from trusting their data to your web
site, disallow passwords containing quotation marks,
percent signs, or semicolons.
--
Don Marti <dmarti at zgp.org>
http://zgp.org/~dmarti/
Are you safe from 3rd-party web tracking? http://www.aloodo.org/test/