Rich Freeman via plug on 30 Apr 2022 18:28:30 -0700



Re: [PLUG] Correct Horse Battery Staple


On Sat, Apr 30, 2022 at 9:08 PM brent timothy saner via plug
<plug@lists.phillylinux.org> wrote:
>
> Speak for yourself. :) I use a password manager and high (very high[0])
> entropy password generator, unique for every single login.

This was what I meant by "compared to what?"

I would put password managers in a different category than memorized
random passwords and memorized passphrases.

I'd argue you can memorize more total bits of entropy worth of
passwords using passphrases than random passwords.

Yes, there are alternatives to memorizing passwords, and they can be
more secure.  I think you need to consider those as a separate
category.

It doesn't really make sense to compare them anyway, as all the
problems with passphrases can be easily avoided if you use a password
manager to generate a passphrase.  Other than taking up more space it
doesn't make a difference.

One other comment on password managers: usually when you're using them
you're going to need to memorize more than just one master password.
What happens if you need to recover and you've lost the device(s) that
contain your password manager?  Is that database backed up on some
cloud service - you'll need its password.  And so on.  I'm not saying
there aren't ways of doing it that only require one password.  I'm
just saying make sure you think about your disaster recovery process
so that you don't come to realize that getting to your password
database ends up requiring a password stored inside that database...

-- 
Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
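
An added illustration of the disaster-recovery point in the message above (not part of the original post and not its author's code): it models what is needed to reach each item after all devices are lost and reports whatever can never be reached from memorized secrets alone. The item names and the scenario are constructed assumptions.

```python
"""Recovery-dependency check for a password-manager setup (constructed data)."""

def recoverable(requires, held):
    """Return every item reachable after losing all devices.

    requires: item -> set of items that must all be in hand first.
    held: secrets available outside the vault (e.g. memorized).
    """
    have = set(held)
    changed = True
    while changed:                      # iterate until nothing new unlocks
        changed = False
        for item, prereqs in requires.items():
            if item not in have and prereqs <= have:
                have.add(item)
                changed = True
    return have

def locked_out(requires, held):
    """Items that can never be recovered from the held secrets alone."""
    return sorted(set(requires) - recoverable(requires, held))

def single_fixes(requires, held):
    """Single items that, if also kept outside the vault (memorized or an
    offline copy), make everything recoverable."""
    return sorted(
        item for item in locked_out(requires, held)
        if not locked_out(requires, set(held) | {item})
    )

# Constructed scenario: the vault file survives only in a cloud backup,
# and the cloud account's password is stored inside the vault.
SETUP = {
    "vault_db": {"vault_master", "cloud_backup"},
    "cloud_backup": {"cloud_password"},
    "cloud_password": {"vault_db"},
    "email_password": {"vault_db"},
}
MEMORIZED = {"vault_master"}

if __name__ == "__main__":
    print("locked out:", locked_out(SETUP, MEMORIZED))
    print("keep one of these outside the vault:", single_fixes(SETUP, MEMORIZED))
```
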