Re: [PLUG] Lastpass - friend of foe

[Douglas Muth <doug.muth@gmail.com>]

On Sat, Jan 7, 2017 at 5:03 PM, Rich Freeman <r-plug@thefreemanclan.net> wrote:

On Sat, Jan 7, 2017 at 3:53 PM, Paul Walker <pjwalker76@gmail.com> wrote:
> It seems intuitive to just memorize extremely difficult to crack passwords.

No argument that this is far more secure, but right now Lastpass is
tracking 426 different passwords for me, almost all of which are
strong and random and unique to a single site.

If you can keep that in your head, this is of course better.

You can always use a tiered approach, like memorize a few strong
passwords and use those for your most critical sites (banking/etc),
and then let lastpass/etc manage the bazillion web forums you
occasionally browse, which probably is more secure than just using one
password across all of them.

[snip]

What Rich said.  I too have many many passwords, and LastPass does help me keep track of them all and use unique passwords per site. (also, I recommend using 2FA with LastPass)

As for password generation, I am also a fan of the "diceware" approach, which involves high-entropy passwords that consist of common words.  This makes them much much easier to remember.  To show off the approach, I built a demo:

https://www.dmuth.org/diceware/

Feel feel to check that out, download my source, etc.

-- Doug

 

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug