Chris Thistlethwaite via plug on 30 Apr 2022 15:24:39 -0700



Re: [PLUG] Correct Horse Battery Staple


Who are we kidding? Most users have one password that they reuse over and over. Horse battery staple is better than hunter2. 

Visible Wireless recently got attacked with brute force based on (imo) some level of social engineering of support staff. Random passwords are only good if you don't reuse them, which everyone does. 

-CT 

On Sat, Apr 30, 2022, 5:59 PM K.S. Bhaskar via plug <plug@lists.phillylinux.org> wrote:
Horse battery staple is a terrible idea. If you have to remember five random sequences of four words each, you can, but if you have to remember 20 (most people have logins for at least e-mail, social media, banking, etc.) it's questionable whether you can. Horse battery staple may be a good idea for a master password for a password manager, but that's it; certainly not for a bunch of accounts. Instead of random sequences of words, most people will end up using meaningful phrases like “Mikey's high school PTO” which have far less entropy.

I remember studies from way back when: while chess grandmasters can remember meaningful chess board positions far better than average people, when it comes to random chess board positions, they are no better than average people. It's the same thing with random phrases vs. meaningful phrases.

Regards
– Bhaskar


On Sat, Apr 30, 2022 at 2:04 PM JP Vossen via plug <plug@lists.phillylinux.org> wrote:
I may have talked about this before, but it came up at work Friday, so...

Go read https://xkcd.com/936/.

Then try:
`alias randomwords="shuf -n102 /usr/share/dict/words | perl -ne 'print qq(\u\$_);' | column"`

:-)
JP
--  -------------------------------------------------------------------
JP Vossen, CISSP | http://www.jpsdomain.org/ | http://bashcookbook.com/
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
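
The thread argues about how much entropy a random word sequence actually carries. The following is an added example, not part of any message above: it draws words uniformly with replacement from a filtered list and reports the resulting bits, COUNT * log2(list size). The function names and the embedded word list are constructed for illustration; in practice pass /usr/share/dict/words as the list.

```shell
# Constructed sample list; includes entries the filter should drop.
sample_wordlist() {
    printf '%s\n' horse battery staple correct "Mikey's" PTO a staple \
        chess board random phrase entropy
}

# filter_words FILE: keep lowercase a-z words of 3-8 letters, deduplicated.
filter_words() {
    LC_ALL=C grep -E '^[a-z]{3,8}$' "$1" | LC_ALL=C sort -u
}

# entropy_bits COUNT LISTSIZE: bits of a uniformly random COUNT-word phrase.
entropy_bits() {
    awk -v n="$1" -v s="$2" 'BEGIN { printf "%.1f\n", n * log(s) / log(2) }'
}

# rand_below MAX: uniform integer in [0, MAX) from /dev/urandom.
# Rejection sampling discards values that would cause modulo bias.
rand_below() {
    max=$1
    limit=$(( 4294967296 - 4294967296 % max ))
    while :; do
        r=$(od -An -N4 -tu4 /dev/urandom | tr -d ' ')
        if [ "$r" -lt "$limit" ]; then
            echo $(( r % max ))
            return
        fi
    done
}

# passphrase COUNT FILE: COUNT words drawn independently from the filtered list.
passphrase() {
    count=$1
    list=$(filter_words "$2")
    [ -n "$list" ] || return 1
    size=$(printf '%s\n' "$list" | wc -l | tr -d ' ')
    out=
    i=0
    while [ "$i" -lt "$count" ]; do
        idx=$(( $(rand_below "$size") + 1 ))
        word=$(printf '%s\n' "$list" | sed -n "${idx}p")
        out="${out:+$out }$word"
        i=$(( i + 1 ))
    done
    echo "$out"
}

# Demo on the constructed list (9 usable words after filtering).
tmpfile=$(mktemp) && sample_wordlist > "$tmpfile"
echo "$(passphrase 4 "$tmpfile")  (~$(entropy_bits 4 9) bits from 9 words)"
rm -f "$tmpfile"
```

The entropy figure only holds when the words are picked by the generator; a phrase the user chooses or re-rolls until it is memorable has fewer bits than the formula reports.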