[conspire] storing passwords

Paul Zander paulz at ieee.org
Fri Mar 31 15:08:12 PDT 2017


Well, the pattern I use you could probably break with N=1 samples.
My thought is that when passwords are "stolen", they probably go into a database where simple computer software can give a lot of "benefit" to the thief by just using the passwords as is, combined with a lot of people using the same login and password in many places.  Why go to the bother of even attempting to "derive a pattern"?


From: Tony Godshall <togo at of.net>
To: Paul Zander <paulz at ieee.org>
Cc: "conspire at linuxmafia.com" <conspire at linuxmafia.com>
Sent: Friday, March 31, 2017 10:16 AM
Subject: Re: [conspire] storing passwords
   
+1 for algorithmic passwords, so long as the algorithm is sufficiently complex.

I always imagine someone getting two or three passwords, and try to
figure out if the pattern would be obvious enough that they could
derive a pattern.





On Thu, Mar 30, 2017 at 9:33 AM, Paul Zander <paulz at ieee.org> wrote:
> I totally understand the need to have different passwords for different
> accounts.  I also seem to have a limit on the number of brain cells for
> this.
>
> What I have been doing is to take the name of a bank, for example, and mess
> around with capitalization and number substitution.  Each of the several
> banks then has a unique password. If a computer got the password for one
> bank, it would only work at that bank.  However, if I wrote down the
> password, I am sure that anyone on this list could make a correct guess for
> a different bank.
>
> I am sure this is a lot better than using 1234 for everything.
>
> BTW, my user name is also deliberately not consistent across different
> websites, but I only think of this as weak protection.
>
> Side issue: I recently had to jump through some security hoops when calling
> a credit card company.  I was the one initiating the conversation.  They
> insisted that I had to have the answer to a security question. I was told it
> began with "B", but my mind went blank. In hindsight, the answer had been so
> obvious when I had first created it, that I hadn't recorded it in my offline
> password base ... I was simultaneously frustrated and apologetic because I
> knew that they needed to be cautious.  Eventually they called me back on a
> number in their records. ...
>
> Then they said I needed to set up a new question / answer.  "What is your
> favorite place to vacation?"  I already knew they could prompt with the
> first letter of the answer.  If the answer was "Hawaii", how easy would it
> be to guess the answer given "H"?  So I was on the line for a while longer
> until I found something less obvious.
> ________________________________
> From: Daniel Gimpelevich <daniel at gimpelevich.san-francisco.ca.us>
> To: conspire at linuxmafia.com
> Sent: Wednesday, March 29, 2017 9:19 AM
> Subject: Re: [conspire] storing passwords
>
> On Tue, 28 Mar 2017 15:04:54 +0000, Paul Zander wrote:
>> Here is a DIY project for managing passwords.  It's a USB dongle that
>> can save the passwords and upload them to the PC.
>>
>> Not a complete air gap, but you don't have to type the string.
>> https://www.instructables.com/id/Password-Manager-Typer-Macro-Payload-All-in-ONE/?utm_source=newsletter&utm_medium=email
>
> Of special note are the comments on the page by ia42 and by SuperSonik,
> and the comment by robertbu is also interesting.
>
>
> _______________________________________________
> conspire mailing list
> conspire at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/conspire



-- 
--
Best Regards.
This is unedited.
This message came out of me
via a suboptimal keyboard.


   