On Tue 22 Aug 2017 at 15:14:37 -0500, Mario Castelán Castro wrote:

> On 22/08/17 14:46, Brian wrote:
> > Wow! Can you suggest something which gives one teensy-weensy bit of
> > memorability?
>
> I do not recommend “memorable passwords” at all. The reasons are as
> explained next.

You can recommend what you want but give me

  IhaveaMemorablePasswordwhichIwillnotforget!

as opposed to

  WVAq7XLM4va6e1A4Bb4+Zw

You will now explain why the first one will be broken in the next 100
years. I'm past caring after that.

> If the password is not important (for example, account of web forums)
> then you can store it in a plain text file or a password manager.
> Firefox has a built-in password manager which works fine. Here
> memorability does not matter at all, as you just have to copy and paste,
> or let the password manager fill it automatically. Anyway, one could not
> memorize enough passwords for all the things that require one (esp. web
> sites).

You are digressing. Every password is important. Basing a password on
the perceived importance of an account is unwise. What Firefox has is of
no great consequence when it comes to memorability.

For one of my web forums:

  M92FGisthepostcodeformyhomeaddress

A weak password?

> If the password is important, then for a reasonable amount of entropy, a
> memorable password will be too long and VERY slow to input. I suggest
> the following approach:

Stick entropy. It is highly unlikely that a password is broken because
it is not in the 128-bit entropy category.

> Generate a 3-bit long password, for example:
>
> mario@svetlana [0] [/home/mario]
> $ head -c 3 /dev/urandom | base64
> w5eJ
>
> Write it on paper or leave it in the terminal. Invent a mnemonic for
> it or just memorize as is. In this case, I can think of “_W_ill has _5_
> fingers in _each_ _J_and (hand spelled wrong)”.

Fine. But where is the improvement over

  Willhas5fingerson_each_Jand

as a password? A bit longer to type, perhaps, but not spectacularly so.

-- 
Brian.