public inbox for gentoo-user@lists.gentoo.org
From: Dale <rdalek1967@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Coming up with a password that is very strong.
Date: Sun, 10 Feb 2019 16:44:57 -0600
Message-ID: <22f55689-62a8-f12b-53f2-7b542d2b1896@gmail.com>
In-Reply-To: <CAG2nJkM8unKj_+NY4Yhq9P+-eNTS4xVARLJN9VgfEPtervNKPw@mail.gmail.com>

Mark David Dumlao wrote:
> On Mon, Feb 11, 2019 at 1:00 AM Andrew Savchenko <bircoph@gentoo.org> wrote:
>> On Sun, 10 Feb 2019 10:27:32 -0600 Dale wrote:
>>> My password manager does that already.  The password I was trying to
>>> come up with was the master password which I must easily remember, be
>>> secure and be easy to type.  The other passwords I let the password
>>> manager generate and remember as well.  I don't type those so they can
>>> be anything.
>> The line above is approximately the same how I got one of my master
>> passwords. It is not that hard to remember 30-40 random chars.
>> Just try typing them several hundred times. I'm serious.
> That's one of the problems of secure password generation is that human
> memory is used backwards. Things become encoded permanently in our
> memory after the fact that we've repeated them several times, but most
> password generation utilities require you to have perfect memory
> first, THEN use repetition to enforce it.
>
> Both a managed password / algorithmic approach gets this more
> humanely. You need to first have a reliable way to generate the
> password, and if you type it enough times, your brain will commit it
> to memory.
>
>


My biggest thing was to find a way to come up with it.  Most use some
famous quote or song and then each first letter or something with a few
numbers and symbols thrown in.  Thing is, I don't really have any of
those.  So, what I did, I based it on model numbers of some things I
like.  I threw in a few symbols as well just to make it harder. 

I might add, I used three password strength sites to sort of give me an
idea on strength.  I tried different methods to shorten the thing and
make it easier to type as well.  I actually ended up with a slightly
shorter password but one that the meters said would be harder to crack. 
I might add, the difference was large.  The original was something along
the lines of thousands of years.  The end result that was easier to type
and slightly shorter was millions of years.  I was able to put in more
symbols.  Those things help toughen up a password pretty quick.

What I find so interesting about this, everyone seems to have a slightly
or even very different way of doing this.  Even if a person is reading
this list and taking notes, I wish them luck trying to guess our
passwords.  Given the variety of methods used, I don't see how any tool
could be built that would guess any of our passwords in a short time
frame either.  Now if everyone else would put some effort into this
instead of using "passw0rd" or something as silly as that, the internet
would be a much safer place. 

I also ran up on some sites that discussed passwords that people
commonly used and some are just laughable but so bad one should cry. 
Some people are just plain idiots.  I might add, some sites restrict
passwords in ways that keep a person from generating a really good
password too.  Some need to get with the current threat models instead
of living in the past when security wasn't such an issue.

Interesting thread.

Dale

:-)  :-) 

