this post was submitted on 13 Mar 2024
1011 points (96.9% liked)

Memes

45130 readers
3667 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS
gary_host_laptop@lemmy.ml
sexy_peach@feddit.de
cyclohexane@lemmy.ml
cypherpunks@lemmy.ml
1011
Brute force protection (rytter.me)
submitted 6 months ago by anders@rytter.me to c/memes@lemmy.ml
111 comments fedilink hide all child comments
 

Brute force protection

@memes

you are viewing a single comment's thread
view the rest of the comments
[–] KoboldCoterie@pawb.social 5 points 6 months ago* (last edited 6 months ago) (4 children)

My current favorite "memorizable" method (obviously a random hash from a PW manager is still better) is to take a sentence of moderate complexity that includes the name of the service you're signing up for in it, and use the first letter of each word as your password.

For example, "When I wake up in the morning, the first thing I do is go to pawb.social."

Password would be "WIwuitm,tftIdigtps."

Easy to remember, immune to dictionary attacks, and you get a (mostly) unique password for each service, so stolen passwords can only access that one thing.

Edit: To be clear, the value is that you can use the same sentence everywhere, switching out the name of the service to generate semi-unique passwords for each service. Obviously someone analyzing your passwords would be able to figure out the pattern, but that's basically never what actually happens; it's more likely someone gets 1 password and tries your email address + that PW in a variety of services, which this is strong against.

[–] OpenStars@startrek.website 3 points 6 months ago

I dunno, all I do is hit copy, then go to the website and hit paste, and that's pretty easy as well:-P.

I do need to step up my game for work though, b/c it keeps asking me a password multiple times a day so if I could rattle one off that would be better than having to open up my password manager and get it.

[–] the_post_of_tom_joad@sh.itjust.works 2 points 6 months ago (1 children)

This seems like a memory method for someone who has a great memory. (Better than mine anyway)

[–] KoboldCoterie@pawb.social 2 points 6 months ago (1 children)

It's surprisingly easy to memorize. The sentence basically acts as a mnemonic device to remember the password, and it's a lot easier to memorize a sentence that makes sense to you than to memorize something like "Tr0ub4d0r&8".

[–] the_post_of_tom_joad@sh.itjust.works 1 points 6 months ago

I just see myself changing the words around honestly. It's not like i think it's a bad idea just dunno if i can pull it off

[–] SpeakinTelnet@sh.itjust.works 2 points 6 months ago

I simply change my keyboard layout. Auto-scramble a simple phrase.

[–] The_v@lemmy.world 1 points 6 months ago

I have a strict, "do I give a fuck" policy when it comes to security.

I keep the harder to crack passwords for critical things like banking, etc... since there's only a few I can remember them. I also always use MFA.

For all the other shit that I don't give a fuck if it's hacked it's the good old *Banana$1234" type password that I reuse for decades and save to firefox's password manager.