[conspire] Password permutations (was: Correction)

Rick Moen rick at linuxmafia.com
Mon Mar 30 16:07:57 PDT 2020


Quoting Tony Godshall (tony at of.net):

> I would also suggest that whatever password scheme you currently use,
> you periodically alter it in an arbitrary fashion, sometimes in some
> way that varies per site, or domain.

When I say 'how I arrive at passwords', just to clarify, I don't mean
any form of detectable/guessable pattern.  Lots of people do those, but
they're an obvious blunder, designed to try to cheat on the fundamental
problem of human minds not being able to remember more than a couple of
strong passwords at a time.  

And, as the guy said at the Stackexchange link I provided, what you
should do depends on what threat model you're trying to address.
Deciding what threat models are worth worrying about is the -first-
thing to do, before picking a coping strategy.

Also, if you are stuck relying solely on human memory, unless you're a
memory prodigy, my opinion is that you're doomed -- and need to rethink
your assumption that unaided human memory is adequate (because it's not).




