[conspire] Password permutations (was: Correction)

Texx texxgadget at gmail.com
Tue Apr 14 19:22:15 PDT 2020 

Re Ricks not explaining how he does his passwords:
Indeed you should NOT tell us how you do it.  Otherwise would be a groos
breach of security.
Dont appologize for being right.

After being on the bench for months, I landed a gig.
My first day, I was presented with a MAC laptop and a bunch of reading.

The reading largely spelled out what I vaguely suspected.
I went with long passwords, opened a separate password manager from the one
that I use,
and I didnt repeat the same password for ANYTHING.
The first 2 days went fine as the onboarding progressed.

On the third day, I forgot my password to the password manager.
This resulted in being unable to log into the laptop, or the "Apple-ID"
This, in turn "bricked" my MAC and while I was able to request help with my
APPLE-ID,
they had a mandatory waiting time of a month.

There was no way to reinstall OS on the MAC.

The job that was going to turn my life around, (Full time, yet) ended on my
1 week anniversary.

Having completely screwed myself, Im going to be just a little bit less
zealous about security in the future.
Im probably going to refuse a MAC next time around as well.


Regarding Ricks & Pauls posts, I see a conflict.
Is it number of pitibilities per digit to the power of the number of digits?
Or is it number of digits to the power of the number of possibilities per
digit?




On Mon, Mar 30, 2020 at 4:08 PM Rick Moen <rick at linuxmafia.com> wrote:

> Quoting Tony Godshall (tony at of.net):
>
> > I would also suggest that whatever password scheme you currently use,
> > you periodically alter it in an arbitrary fashion, sometimes in some
> > way that varies per site, or domain.
>
> When I say 'how I arrive at passwords', just to clarify, I don't mean
> any form of detectable/guessable pattern.  Lots of people do those, but
> they're an obvious blunder, designed to try to cheat on the fundamental
> problem of human minds not being able to remember more than a couple of
> strong passwords at a time.
>
> And, as the guy said at the Stackexchange link I provided, what you
> should do depends on what threat model you're trying to address.
> Deciding what threat models are worth worrying about is the -first-
> thing to do, before picking a coping strategy.
>
> Also, if you are stuck relying solely on human memory, unless you're a
> memory prodigy, my opinion is that you're doomed -- and need to rethink
> your assumption that unaided human memory is adequate (because it's not).
>
>
>
> _______________________________________________
> conspire mailing list
> conspire at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/conspire
>


-- 

R "Texx" Woodworth
Sysadmin, E-Postmaster, IT Molewhacker
"Face down, 9 edge 1st, roadkill on the information superdata highway..."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://linuxmafia.com/pipermail/conspire/attachments/20200414/abd5712b/attachment.html>

More information about the conspire mailing list