Board: Bitcoin Discussion
Re: Is anyone still not using a Password Manager
by imperi on 21/06/2011, 06:16:02 UTC
My "Password Manager" is in my brain, where nobody else can see them.


I keep about 50 passwords, each one with 12-16 random chars... my brain is just not up to that...

You can re-arrange the letters of a website to make passwords. For example, bitcoin.org could turn into n41iR32Rr22141R32Rr221.

The n is from the last letter of the domain.
The i is from the 2nd letter of the domain.
41R32Rr221 is what you memorize, and repeat it twice (with the i inserted into it). This is similarly done for every password. You could also have a number at the end for whether it's an even or odd number of characters in the domain.

A password I no longer use was once made up of the following (and this was years ago, so it's of no use to any potential attackers now):
6 random digits generated by a 386 (see, years ago)
another 6 letters+digits from the combination to the door lock for a hotel room somewhere in London

I mixed the 2 together to get a 12-digit password

But a website? That's silly

Another thing people commonly do is to take a dictionary word and add 2-3 digits, such as Flower29 - that's downright dumb, it only multiplies the number of words to try by 100 and that's not a lot.
You should try to avoid reducing the search space for a potential attacker - anything which has a yes/no answer you should consider as 1 bit of the key, if you answer yes or no, you've given away 1 bit of the key to the attacker on average.

People also do silly things like make their password a swearword when they're known for not swearing on the theory people won't try it - the common 4 letter swears are amongst the first tried (fuck, shit, cunt etc).

Generate random numbers, do whatever you must to memorise them, and if you really can't then store them on a completely disconnected device OR in paper form with something that stays on your person even while sleeping.

The purpose of my suggestion was to have a unique and effective password for every site that you can remember.

If you are using the same password for multiple websites, then you've already lost.
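The site-derived scheme discussed in this thread, written out as an added example (not code from any poster), together with a check of which password positions actually change from one site to the next. `CORE` is the sample string from the post; the insertion offset is inferred from the bitcoin.org example, and the parity digit value (0 for even, 1 for odd) and the `example` host names are assumptions.

```python
# Added illustration of the derivation described in the thread.
CORE = "41R32Rr221"   # the memorized part, as given in the post
INSERT_AT = 2         # assumption: inferred from n41iR32Rr22141R32Rr221


def site_label(host):
    """Return the name before the final dot: 'bitcoin.org' -> 'bitcoin'.

    Simplification: multi-part suffixes such as '.co.uk' are not handled.
    """
    parts = host.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def derive(host, core=CORE, parity_digit=False):
    """Build the password: last letter + core (with 2nd letter inserted) + core."""
    label = site_label(host)
    if len(label) < 2:
        raise ValueError("site name needs at least two letters")
    first_copy = core[:INSERT_AT] + label[1] + core[INSERT_AT:]
    password = label[-1] + first_copy + core
    if parity_digit:
        # Assumption: 0 for an even-length name, 1 for an odd-length name.
        password += str(len(label) % 2)
    return password


def site_dependent_positions(pw_a, pw_b):
    """Indexes at which two derived passwords differ."""
    return [i for i, (a, b) in enumerate(zip(pw_a, pw_b)) if a != b]


if __name__ == "__main__":
    a = derive("bitcoin.org")
    b = derive("forum.example")   # constructed host name
    print(a)
    print(b)
    print("positions that vary by site:", site_dependent_positions(a, b))
```

Only two positions (three with the parity digit) depend on the site, and they come from the public domain name, so every derived password shares the same memorized core.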