[conspire] storing passwords
Paul Zander
paulz at ieee.org
Thu Mar 30 09:33:45 PDT 2017
I totally understand the need to have different passwords for different accounts. I also seem to have a limit on the number of brain cells for this.
What I have been doing is to take the name of a bank, for example, and mess around with capitalization and number substitution. Each of the several banks then has a unique password. If a computer got the password for one bank, it would only work at that bank. However, if I wrote down the password, I am sure that anyone on this list could make a correct guess for a different bank.
I am sure this is a lot better than using 1234 for everything.
BTW, my user name is also deliberately not consistent across different websites, but I only think of this as weak protection.
Side issue: I recently had to jump through some security hoops when calling a credit card company. I was the one initiating the conversation. They insisted that I had to have the answer to a security question. I was told it began with "B", but my mind went blank. In hindsight, the answer had been so obvious when I had first created it, that I hadn't recorded it in my offline password base ... I was simultaneously frustrated and apologetic because I knew that they needed to be cautious. Eventually they called me back on a number in their records. ...
Then they said I needed to set up a new question / answer. "What is your favorite place to vacation?" I already knew they could prompt with the first letter of the answer. If the answer was,"Hawaii", how easy would it be to guess the answer given "H"? So I was on the line for a while longer until I found something less obvious.
From: Daniel Gimpelevich <daniel at gimpelevich.san-francisco.ca.us>
To: conspire at linuxmafia.com
Sent: Wednesday, March 29, 2017 9:19 AM
Subject: Re: [conspire] storing passwords
On Tue, 28 Mar 2017 15:04:54 +0000, Paul Zander wrote:
> Here is a DIY project for managing passwords. It's a USB dongle that
> can save the passwords and upload them to the PC.
>
> Not a complete air gap, but you don't have to type the string.
> https://www.instructables.com/id/Password-Manager-Typer-Macro-Payload-
All-in-ONE/?utm_source=newsletter&utm_medium=email
Of special note are the comments on the page by ia42 and by SuperSonik,
and the comment by robertbu is also interesting.
_______________________________________________
conspire mailing list
conspire at linuxmafia.com
http://linuxmafia.com/mailman/listinfo/conspire
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://linuxmafia.com/pipermail/conspire/attachments/20170330/e63f20ef/attachment.html>
More information about the conspire
mailing list