
View Diary: How to AVOID writing passwords (154 comments)


  •  What about the OS/X Keychain app? (2+ / 0-)
    Recommended by:
    holeworm, Miggles

    I'm curious about this. It seems like a reasonably good idea. Perhaps there is an application that uses the Keychain to store automatically generated passwords/passphrases? That would be useful.

    Another thing: what about sites that restrict the character set allowed for passwords? Many disallow spaces, for example; I've seen some that disallow all punctuation, or just some punctuation. Those surely must make the job of automating passwords more complicated.

    •  Oh, and what about passphrases? (1+ / 0-)
      Recommended by:
      holeworm

      For a long time now, I've been using a program I wrote to look up words randomly in dict/words and put them together with punctuation, like:

      parel+Nils:very
      Delia4cand:jink
      Sophy+yote6tien
      rinker/Roxy-bill
      Egypt9Jam3conk
      trawl/Huma5lech
      Biham3Ro:iamb
      kore4Cory3view
      Tilia4Sho2slip
      sil7Ler4Jute
      Anthus/Abby8trin
      titmal:Ita/fold
      Pani6turd8kivu
      Mason;gobi=cly
      Phaedo4fod.Bogo

      The set is constrained to use upper and lower case, and to insert either a digit or a punctuation mark between the words.

      The other kind of passphrase I have used is to randomly select a line from a randomly chosen book on my shelf. For example:

      you can think of many more. The result looks a bit like listing 12.9. I say a bit, because I did not

      How are those in terms of crackability, compared to unreadable random gobbledygook?

      •  I would consider most to be fairly strong... (0+ / 0-)

        As far as "phrase"-type passwords go, those are much better than some of the other suggestions I've seen. The chances of something like "Delia4cand:jink" or "Mason;gobi=cly" being cracked are essentially zero. So, those are good!

        I'd be a little more careful with something like "Egypt9Jam3conk", though. That's probably safe, but maybe modify your program to only generate passwords that have at least 1 or 2 non-alphanumerics in them, or something like that?

        Another easy way you could add entropy is by having your program randomly set the case of each letter, so things turn into random mixed case.

        At that point you might be better off just generating random stuff though. :) (I do similar, and have a script to generate my random passwords.)

        The problem with something like "you can think of many more. The result looks a bit like listing 12.9. I say a bit, because I did not" is that it may be truncated. (Some sites may only use 8 - 16 characters or so, even if you enter more. Test by entering a very long password with the last letter removed, and see if it still works.) So it could very well be hashed as just "you can think of" or something like that.
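
As an added example (not part of any comment above, and not the commenter's program): a sketch of the word-plus-separator scheme discussed in this thread, with the suggested minimum-punctuation rule and random capitalisation, plus an entropy estimate to compare against uniformly random passwords. The word list, separator set and function names are assumptions; the estimate assumes the attacker knows the scheme and the word list.

```python
import math
import secrets
import string

# Constructed sample word list (assumption); a real run would load a large
# dictionary file such as the dict/words file mentioned in the thread.
WORDS = ["parel", "nils", "very", "delia", "cand", "jink", "sophy", "yote",
         "tien", "rinker", "roxy", "bill", "egypt", "jam", "conk", "trawl"]
PUNCT = "+:/-;=."                      # assumed punctuation separators
SEPARATORS = string.digits + PUNCT     # a separator is a digit or punctuation


def make_passphrase(words=WORDS, n_words=3, min_punct=1):
    """Join n_words random words with random separators, each word randomly
    capitalised, requiring at least min_punct punctuation separators."""
    if n_words - 1 < min_punct:
        raise ValueError("not enough separator slots for min_punct")
    while True:  # rejection sampling keeps the accepted choices uniform
        seps = [secrets.choice(SEPARATORS) for _ in range(n_words - 1)]
        if sum(s in PUNCT for s in seps) >= min_punct:
            break
    parts = []
    for i in range(n_words):
        w = secrets.choice(words)      # CSPRNG, not random.choice
        parts.append(w.capitalize() if secrets.randbelow(2) else w)
        if i < n_words - 1:
            parts.append(seps[i])
    return "".join(parts)


def passphrase_bits(n_wordlist, n_words=3, min_punct=1):
    """Estimated entropy in bits for a word list of n_wordlist entries."""
    slots = n_words - 1
    # Count separator combinations with at least min_punct punctuation marks.
    combos = sum(math.comb(slots, k) * len(PUNCT) ** k
                 * len(string.digits) ** (slots - k)
                 for k in range(min_punct, slots + 1))
    # Each word contributes its index plus one bit for capitalisation.
    return n_words * math.log2(n_wordlist * 2) + math.log2(combos)


def random_bits(length, alphabet_size=94):
    """Entropy in bits of a uniformly random printable-ASCII string."""
    return length * math.log2(alphabet_size)
```

With an assumed 100,000-word list, `passphrase_bits(100000)` comes to about 60 bits, which falls between a 9-character and a 10-character uniformly random printable-ASCII password.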

    •  Safari actually stores site passes in the Keychain (0+ / 0-)

      I think Chrome does as well, not sure about Firefox.

      The Keychain is encrypted with your login password as well, so it's a reasonably secure place to store information. (But again, relying on a single level of closed-source software for encryption is best avoided.)

      You can actually store random data in the Keychain, even; it comes with a section for "Secure Notes." Try it yourself, just open "Keychain Access" (which should be in /Applications/Utilities) and poke around.
