On Wed, May 6, 2020 at 6:59 PM Kent Borg <kentb...@borg.org> wrote:

> On 5/6/20 1:45 PM, Jack Bennett wrote:
> > One of the benefits of a password manager is that it automates this process
> > so you can easily use passwords that would be impossible to remember and/or
> > type in (and lock them behind a suitable and memorable passphrase).
>
> I'm not opposed to software automatically generating passwords. But why
> make them impossible to remember?
>
> It is easy to remember "tropic-judge-dragon", and it has 32-bits of
> entropy. Same with "voodoo-apollo-period". Neither would be a good
> encryption key, but both fine passwords. (Again, the distinction between
> password and an encryption key is *crucial*.) Those were both software
> generated. How many would you like?
>
> sandra-shelter-avenue
> bicycle-bruce-patrol
> under-survive-pluto
> zodiac-stuart-pattern
> amazon-mouse-museum
> dublin-scoop-optic
>
> I got a million of em'! All fine passwords. (All terrible encryption keys.)

I agree 100% that any one of these individually is easy to memorize/remember (and type in, which is a nice feature as well). The hard part comes in organizing and remembering N>>1 of these (bank site, insurance site, email, retail sites, etc, etc), updating them, deprecating them, and so forth. A password manager does this at a very low financial cost; whether the risk is acceptable is another question.

I do trust Thomas Ptacek's (@tqbf) assessment of the situation. This was one of the factors that sold me on 1Password a few years back:

https://twitter.com/tqbf/status/886058611692232704

(herd mentality perhaps, but at least informed and considered herd mentality ...)

_______________________________________________
Discuss mailing list
Discuss@lists.blu.org
http://lists.blu.org/mailman/listinfo/discuss