<div dir="ltr"><br><div>Re Ricks not explaining how he does his passwords:</div><div>Indeed you should NOT tell us how you do it. Otherwise would be a groos breach of security.</div><div>Dont appologize for being right.</div><div><br></div><div>After being on the bench for months, I landed a gig.</div><div>My first day, I was presented with a MAC laptop and a bunch of reading.</div><div><br></div><div>The reading largely spelled out what I vaguely suspected.</div><div>I went with long passwords, opened a separate password manager from the one that I use, </div><div>and I didnt repeat the same password for ANYTHING.</div><div>The first 2 days went fine as the onboarding progressed.</div><div><br></div><div>On the third day, I forgot my password to the password manager.</div><div>This resulted in being unable to log into the laptop, or the "Apple-ID"</div><div>This, in turn "bricked" my MAC and while I was able to request help with my APPLE-ID, </div><div>they had a mandatory waiting time of a month.</div><div><br></div><div>There was no way to reinstall OS on the MAC.</div><div><br></div><div>The job that was going to turn my life around, (Full time, yet) ended on my 1 week anniversary.</div><div><br></div><div>Having completely screwed myself, Im going to be just a little bit less zealous about security in the future.</div><div>Im probably going to refuse a MAC next time around as well.</div><div><br></div><div><br></div><div>Regarding Ricks & Pauls posts, I see a conflict.</div><div>Is it number of pitibilities per digit to the power of the number of digits?</div><div>Or is it number of digits to the power of the number of possibilities per digit?</div><div><br></div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Mar 30, 2020 at 4:08 PM Rick Moen <<a href="mailto:rick@linuxmafia.com">rick@linuxmafia.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Quoting Tony Godshall (<a href="mailto:tony@of.net" target="_blank">tony@of.net</a>):<br>
<br>
> I would also suggest that whatever password scheme you currently use,<br>
> you periodically alter it in an arbitrary fashion, sometimes in some<br>
> way that varies per site, or domain.<br>
<br>
When I say 'how I arrive at passwords', just to clarify, I don't mean<br>
any form of detectable/guessable pattern. Lots of people do those, but<br>
they're an obvious blunder, designed to try to cheat on the fundamental<br>
problem of human minds not being able to remember more than a couple of<br>
strong passwords at a time. <br>
<br>
And, as the guy said at the Stackexchange link I provided, what you<br>
should do depends on what threat model you're trying to address.<br>
Deciding what threat models are worth worrying about is the -first-<br>
thing to do, before picking a coping strategy.<br>
<br>
Also, if you are stuck relying solely on human memory, unless you're a<br>
memory prodigy, my opinion is that you're doomed -- and need to rethink<br>
your assumption that unaided human memory is adequate (because it's not).<br>
<br>
<br>
<br>
_______________________________________________<br>
conspire mailing list<br>
<a href="mailto:conspire@linuxmafia.com" target="_blank">conspire@linuxmafia.com</a><br>
<a href="http://linuxmafia.com/mailman/listinfo/conspire" rel="noreferrer" target="_blank">http://linuxmafia.com/mailman/listinfo/conspire</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><br>R "Texx" Woodworth<br>Sysadmin, E-Postmaster, IT Molewhacker<br>"Face down, 9 edge 1st, roadkill on the information superdata highway..."<br></div>