On Tue, Feb 5, 2019 at 3:39 AM Jack <ostrof...@users.sourceforge.net> wrote:
> The problem I have with many of these suggestions is that I have
> multiple devices (two desktops, two laptops, tablet, android phone) I
> use sufficiently often that I either need to be able to remember the
> passwords or have some way of easily accessing them when I'm not
> sitting at my main desktop. Other than using a password manager (which
> I do not currently have) how do others deal with this?
>
> Jack

Haven't posted here in a long while.

I personally do not trust password managers for (1) the same reason you gave above and (2) typically the way around it is they store your passwords in the cloud which is all sorts of facepalm from a security perspective.

My own solution is actually very simple. I have a "secret algorithm" that incorporates several secrets with a predictable way to generate a site-specific secret. The end result is a 100% predictable way to generate unique passwords for every site that are cryptographically secure from each other (you cannot derive one from the other) which can be generated by any device using the appropriate tools. There is also a protocol for password shifting in case any single password is revealed.

The long and short of it is that you can combine secure passwords with hashing techniques, site-specific data, and truncation / peppering in a predetermined way that is easy for you to remember but guarantees that the original secret data is irrecoverable. Then all you need is the hashing program on, say, your phone, and you will always be able to generate the site-specific password when needed.

In effect the algorithm is your secret, the site-specific password is just a side effect of that secret.

--
This email is:    [ ] actionable   [x] fyi        [x] social
Response needed:  [ ] yes          [x] up to you  [ ] no
Time-sensitive:   [ ] immediate    [ ] soon       [x] none
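
An added example, not part of the original post and not the poster's own undisclosed algorithm: one way to derive a repeatable site-specific password from a master secret, a pepper and the site name, with PBKDF2-HMAC-SHA256 swapped in for the unspecified hashing step. The function name, its parameters, the iteration count and the `revision` counter (standing in for the "password shifting" protocol) are all assumptions.

```python
import base64
import hashlib

ITERATIONS = 200_000  # assumed work factor; not from the post
MAX_LEN = 43          # 32 derived bytes -> 43 urlsafe base64 characters


def derive_site_password(master: str, pepper: str, site: str,
                         revision: int = 0, length: int = 20) -> str:
    """Deterministically derive one site's password (hypothetical helper).

    master   -- the memorised secret, never stored anywhere
    pepper   -- a second secret mixed into every derivation
    site     -- site-specific data, normalised so " Example.COM " == "example.com"
    revision -- bump this to get a fresh password if the current one is revealed
    """
    if not 8 <= length <= MAX_LEN:
        raise ValueError(f"length must be between 8 and {MAX_LEN}")
    if revision < 0:
        raise ValueError("revision must be non-negative")
    name = site.strip().lower()
    if not name:
        raise ValueError("site must not be empty")
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    fields = (name.encode(), str(revision).encode(), pepper.encode())
    salt = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt,
                              ITERATIONS, dklen=32)
    # One-way derivation plus truncation: the output cannot be inverted to
    # recover the inputs, and one site's output does not give another's.
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")[:length]


if __name__ == "__main__":
    # Constructed sample secrets, for demonstration only.
    master, pepper = "correct horse battery staple", "blue-kettle-1987"
    for site, rev in (("example.com", 0), ("example.org", 0), ("example.com", 1)):
        print(site, rev, derive_site_password(master, pepper, site, rev))
```

Anyone who obtains one derived password and knows the scheme can test candidate master secrets offline, so the master secret needs high entropy; the iteration count only slows each guess.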