Steve Litt via plug on 30 Apr 2022 16:17:59 -0700



Re: [PLUG] Correct Horse Battery Staple


K.S. Bhaskar via plug said on Sat, 30 Apr 2022 17:59:15 -0400

>Horse battery staple is a terrible idea. If you have to remember five
>random sequences of four words each, you can, but if you have to
>remember 20 (most people have logins for at least e-mail, social
>media, banking, etc.) it's questionable whether you can. Horse battery
>staple may be a good idea for a master password for a password
>manager, but that's it; certainly not for a bunch of accounts. Instead
>of random sequences of words, most people will end up using meaningful
>phrases like “Mikey's high school PTO” which have far less entropy.

The preceding is exactly what I was going to say.

There are three kinds of password users:

1) Dingbats who use their wife's birthday.
2) People who use a keychain and hope nothing technical ends up losing
   every password.
3) People using their own personal combination of good passwording
   principles and security by obscurity.

I wrote about this at
http://www.troubleshooters.com/lpm/201408/201408.htm#lessons_of_heartbleed
. From there, search for the phrase "security by obscurity".

That's all I'm going to say about that! 

SteveT

Steve Litt 
March 2022 featured book: Making Mental Models: Advanced Edition
http://www.troubleshooters.com/mmm
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug