On Mon, 12 Jul 2021 09:53:00 +0000, Unbreakable Disease <unbre...@secmail.pro> wrote:
>My 50-year-old brain isn't capable of memorizing that many passwords
>anymore, so I use KeePassXC. I keep basically everything here including
>my financial passwords and credit card data, with the exception of
>passwords that I would have to remember anyway (full-disk encryption,
>login, primary e-mail passwords, etc.)
>
>Overall, it's much easier to remember and much harder to forget 10
>complicated passwords that you use every day than 100+ simple passwords
>you use every month or even less.
>
>I can't speak about the Windows version of KeePass, because with the
>exception of playing games not available on Macintosh, I haven't used
>one since Windows 95 days.

For what it's worth, I like LastPass. I'm not crazy about the fact
that I can't use it on multiple devices without having to pay for it,
but I can't begrudge the software developers over there the right to
earn a living.

The best strengths in current password technology are in passphrases:
https://useapassphrase.com

There are some great stats in there, such as the amount of time it takes
to crack common spatial word passwords such as "qwerty" or "aaaaaa"...
10 milliseconds.

Or how long it takes to crack a password that's a date like
"03261981"... 2.213 seconds.

However, if you use a sequence of four randomly chosen words like
"mergers decade labeled manager", it'll take 6 million centuries to
crack.

So.

I've converted all my passwords to sequences of four to six words; and
I have an email account at a provider that I've never used to send
email to anyone, or to use as the id for any website. There, I have a
draft of an email saved that holds the information.

I now only need to remember one password, and I can get to everything.

As for the remote chance that the email provider will cease to exist,
I made backup accounts with other major providers, because paranoia.

I don't use email apps to access my password storage account; and I
use Tor to get to it for the sake of anonymity. I'd be fairly
impressed if someone got through that level of security, and it's
probably overkill, but why take the risk?

While I'm at it... does everyone know about
https://haveibeenpwned.com

You can put your email address in there, and see if it's been involved
in any large-scale thefts. It's got records going back years, and I
was fairly shocked to see that my wife's account had been hacked years
ago.
--
Cheers,
Dreamer
AA 2306
"The fact that a believer is happier than a skeptic is no
more to the point than the fact that a drunken man is
happier than a sober one. The happiness of credulity is a
cheap and dangerous quality of happiness, and by no means
a necessity of life."
George Bernard Shaw
Androcles and the Lion
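
Added example, not part of the original post: a sketch of why randomly chosen words beat dates, comparing search-space sizes and drawing the words with a CSPRNG. The 16-word sample list, the 7776-word list size and the guess rate are assumptions, so the times it prints will not match the figures quoted from useapassphrase.com.

```python
import math
import secrets

# Constructed sample list so the block runs offline. Assumption: a real
# generator loads a large published list, e.g. 7776 words (6^5, five dice).
SAMPLE_WORDS = ["anchor", "blanket", "copper", "dolphin", "ember", "fabric",
                "glacier", "harvest", "island", "jigsaw", "kettle", "lantern",
                "meadow", "nickel", "orchard", "pebble"]
ASSUMED_LIST_SIZE = 7776
ASSUMED_GUESSES_PER_SECOND = 1e10  # hypothetical offline attack rate


def generate_passphrase(words, count=4, sep=" "):
    """Draw each word independently and uniformly with a CSPRNG."""
    if count < 1 or len(set(words)) != len(words):
        raise ValueError("need count >= 1 and a duplicate-free wordlist")
    return sep.join(secrets.choice(words) for _ in range(count))


def entropy_bits(choices_per_symbol, symbols):
    """Entropy of `symbols` independent uniform picks from a pool."""
    return symbols * math.log2(choices_per_symbol)


def average_crack_seconds(bits, rate=ASSUMED_GUESSES_PER_SECOND):
    """Expected time to hit the secret: half the search space / rate."""
    return 2 ** (bits - 1) / rate


def search_spaces():
    """Entropy in bits for the kinds of secret the post compares."""
    return {
        "8 random digits": entropy_bits(10, 8),
        # A real MMDDYYYY date is far weaker: ~366 days x 200 years.
        "valid date, 200-year window": math.log2(366 * 200),
        "4 words of 7776": entropy_bits(ASSUMED_LIST_SIZE, 4),
        "6 words of 7776": entropy_bits(ASSUMED_LIST_SIZE, 6),
    }


if __name__ == "__main__":
    print("sample:", generate_passphrase(SAMPLE_WORDS))  # 16-word demo list only
    for label, bits in search_spaces().items():
        years = average_crack_seconds(bits) / (365.25 * 24 * 3600)
        print(f"{label:30s} {bits:6.1f} bits  ~{years:.3g} years")
```

The entropy figures hold only when the words are drawn at random from the whole list; words picked by a person, or a phrase taken from a book or song, do not get this strength.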