[conspire] storing passwords

Tony Godshall togo at of.net
Fri Mar 31 15:56:54 PDT 2017


biting my tongue.



On Fri, Mar 31, 2017 at 3:08 PM, Paul Zander <paulz at ieee.org> wrote:
> Well the pattern I use you could probably break with N=1 samples.
>
> My thought is that when passwords are "stolen", they probably go into a
> database where a simple computer software can give a lot of "benefit" to the
> thief by just using the passwords as is, combined with a lot of people using
> same login and password in many places.  Why go to the bother of even
> attempting to "derive a pattern"?
>
>
>
> ________________________________
> From: Tony Godshall <togo at of.net>
> To: Paul Zander <paulz at ieee.org>
> Cc: "conspire at linuxmafia.com" <conspire at linuxmafia.com>
> Sent: Friday, March 31, 2017 10:16 AM
> Subject: Re: [conspire] storing passwords
>
> +1 for algorithmic passwords, so long as the algorithm is sufficiently
> complex.
>
> i always imagine someone getting two or three of passwords, and try to
> figure out if the pattern would be obvious enough that they could
> derive a pattern.
>
>
>
>
>
> On Thu, Mar 30, 2017 at 9:33 AM, Paul Zander <paulz at ieee.org> wrote:
>> I totally understand the need to have different passwords for different
>> accounts.  I also seem to have a limit on the number of brain cells for
>> this.
>>
>> What I have been doing is to take the name of a bank, for example, and
>> mess
>> around with capitalization and number substitution.  Each of the several
>> banks then has a unique password. If a computer got the password for one
>> bank, it would only work at that bank.  However, if I wrote down the
>> password, I am sure that anyone on this list could make a correct guess
>> for
>> a different bank.
>>
>> I am sure this is a lot better than using 1234 for everything.
>>
>> BTW, my user name is also deliberately not consistent across different
>> websites, but I only think of this as weak protection.
>>
>> Side issue: I recently had to jump through some security hoops when
>> calling
>> a credit card company.  I was the one initiating the conversation.  They
>> insisted that I had to have the answer to a security question. I was told
>> it
>> began with "B", but my mind went blank. In hindsight, the answer had been
>> so
>> obvious when I had first created it, that I hadn't recorded it in my
>> offline
>> password base ... I was simultaneously frustrated and apologetic because I
>> knew that they needed to be cautious.  Eventually they called me back on a
>> number in their records. ...
>>
>> Then they said I needed to set up a new question / answer.  "What is your
>> favorite place to vacation?"  I already knew they could prompt with the
>> first letter of the answer.  If the answer was,"Hawaii", how easy would it
>> be to guess the answer given "H"?  So I was on the line for a while longer
>> until I found something less obvious.
>> ________________________________
>> From: Daniel Gimpelevich <daniel at gimpelevich.san-francisco.ca.us>
>> To: conspire at linuxmafia.com
>> Sent: Wednesday, March 29, 2017 9:19 AM
>> Subject: Re: [conspire] storing passwords
>>
>> On Tue, 28 Mar 2017 15:04:54 +0000, Paul Zander wrote:
>>> Here is a DIY project for managing passwords.  It's a USB dongle that
>>> can save the passwords and upload them to the PC.
>>>
>>> Not a complete air gap, but you don't have to type the string.
>>> https://www.instructables.com/id/Password-Manager-Typer-Macro-Payload-
>> All-in-ONE/?utm_source=newsletter&utm_medium=email
>>
>> Of special note are the comments on the page by ia42 and by SuperSonik,
>> and the comment by robertbu is also interesting.
>>
>>
>> _______________________________________________
>> conspire mailing list
>> conspire at linuxmafia.com
>> http://linuxmafia.com/mailman/listinfo/conspire
>>
>>
>>
>> _______________________________________________
>> conspire mailing list
>> conspire at linuxmafia.com
>> http://linuxmafia.com/mailman/listinfo/conspire
>
>>
>
>
>
> --
> --
> Best Regards.
> This is unedited.
> This message came out of me
> via a suboptimal keyboard.
>
>
>
>
> _______________________________________________
> conspire mailing list
> conspire at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/conspire
>



-- 
--
Best Regards.
This is unedited.
This message came out of me
via a suboptimal keyboard.




More information about the conspire mailing list