[conspire] Password permutations (was: Correction)

Michael Paoli Michael.Paoli at cal.berkeley.edu
Fri Apr 17 01:50:29 PDT 2020


> From: "paulz at ieee.org" <paulz at ieee.org>
> Subject: Re: [conspire] Password permutations (was: Correction)
> Date: Tue, 14 Apr 2020 20:27:14 +0000 (UTC)

>  I always think about the key strokes when creating a password.   
> Even if I think it will be possible to remember, some combinations  
> of keys are easy to mess up and since you can't see when typing the  
> password. 
> Furthermore, I have learned to my chagrin that some things which are  
> easy to type on a full keyboard don't work well on a small screen,  
> especially if you have to jump between letters and numbers and  
> upper/lower case.

I can't speak for others.  But at least as for myself, for passwords and
the like, at least if I'm entering 'em by hand on a regular basis ...
or even semi-rare, so long as it's "often enough" and occasionally
repeated, I find "finger memory" kicks in.  However convoluted the
password is, it flies off my fingertips pretty fluently after some
bit ... rather like just typically a common English word ... or, heck
lots of vi(1) commands and common commands entered at shell prompts,
etc.  :-)

E.g. I remember a case, many years ago, our "Director of Loss Prevention"
(our chief physical security person), actually had a legitimate reason
to get the alarm codes of everyone with alarm access (yeah, don't
reveal passwords/codes ever ... alas, sometimes there are highly rare
exceptions ... like an alarm system that has no way to tell authorized
folks which codes are for who, and doesn't hash 'em so there's a secure
way to figure that out - as it reveals all the active codes to authorized
persons anyway) ... so, said director asks me for my alarm code.  I use
it dang near every day.  I'm in the building, about 30 ft. from the
alarm entry panel.  I can't think of it off-the-top-of-my-head, but I
tell the person essentially, "Ah, finger memory, let's walk to the panel",
we do, I look at it, and then I'm able to tell him (or I could've gone
through the keypad motions at that time).

Anyway, likewise type 'em pretty fast 'n easy.
Then I hit some other yucky interface to enter such ... corporate
printer/copier ... once in a while it wants/needs to reauthenticate
with user's password ... but it's not a keyboard, it's a touchscreen,
not only lacking tactile feedback, but not exactly a full typical
computer keyboard emulation either.  E.g. like accessing symbols, and
switching from upper to lower, and accessing numbers, etc., all kind'a
funky and not at all very keyboard-like.  Yeah, I find that annoyingly
challenging every time.  I mostly just think about typing out the
password, think about what would be flying off my fingertips ... then
I think backwards to exactly what that sequence of characters is ...
and then I know the (characters of the) password ... which is less
accessible in the wetware (but still probably in there somewhere) as
it's not used directly nearly as frequently as the actual keystrokes to
enter it.

And, yeah, at any given time, I probably know and well recall (and regularly
or semi-regularly use) about half a dozen or a bit more, quite to
highly secure good passwords.  "Of course" I have and use many many
more passwords than that - generally quite to highly secure (especially
if I get to pick them).  But for stuff like that, they're securely stored,
securely encrypted, and well protected with strong password(s)/passphrase(s)
to be able to retrieve/access them.



