On 2024-12-17, John Hasler wrote:
> Peter Hillier-Brook writes:
>> the nonsense about not changing them ignores the obvious.
>
> What is that?
>
>> My bank performs security checks by requesting a sub-set of my
>> password.
>
> Sounds like a reason to find a new bank, in the meantime changin
On 20/12/2024 16:21, Chris Green wrote:
In fact my feeling is that password is
slightly better because if you are using ssh-agent as you may well
leave your system for short periods without logging off and then an
intruder will be able to log in to all those remote systems for which
ssh-agent has
On Friday, 20-12-2024 at 20:21 Chris Green wrote:
> to...@tuxteam.de wrote:
> > On Fri, Dec 20, 2024 at 10:22:29AM +0700, Max Nikulin wrote:
> > > On 19/12/2024 15:56, Chris Green wrote:
> > > > Horses for courses,
to...@tuxteam.de wrote:
> On Fri, Dec 20, 2024 at 10:22:29AM +0700, Max Nikulin wrote:
> > On 19/12/2024 15:56, Chris Green wrote:
> > > Horses for courses, I enter login passwords/passphrases quite frequently
> > > (lots
Max Nikulin wrote:
> On 19/12/2024 15:56, Chris Green wrote:
> > Horses for courses, I enter login passwords/passphrases quite frequently
> > (lots of
> > different systems that I ssh to) long, unmemorable, passwords would be
> > useless.
>
> Generate a private key and add its public counterpart
On Thu, Dec 19, 2024 at 11:36 PM wrote:
>
> On Fri, Dec 20, 2024 at 10:22:29AM +0700, Max Nikulin wrote:
> > On 19/12/2024 15:56, Chris Green wrote:
> > > Horses for courses, I enter login passwords/passphrases quite frequently
> > > (lots of
> > > different systems that I ssh to) long, unmemorab
On Friday, 20-12-2024 at 14:22 Max Nikulin wrote:
> On 19/12/2024 15:56, Chris Green wrote:
> > Horses for courses, I enter login passwords/passphrases quite frequently
> > (lots of
> > different systems that I ssh to) long, unmemorable, passwords would be
> > useless.
>
> Generate a private k
On Fri, Dec 20, 2024 at 10:22:29AM +0700, Max Nikulin wrote:
> On 19/12/2024 15:56, Chris Green wrote:
> > Horses for courses, I enter login passwords/passphrases quite frequently
> > (lots of
> > different systems that I ssh to) long, unmemorable, passwords would be
> > useless.
>
> Generate a p
On 19/12/2024 15:56, Chris Green wrote:
Horses for courses, I enter login passwords/passphrases quite frequently
(lots of different systems that I ssh to) long, unmemorable, passwords
would be useless.
Generate a private key and add its public counterpart to
~/.ssh/authorized_keys on remote m
John Hasler wrote:
> Karen writes:
> > Well, I do not use hundreds. Still that little black book is,
> > speaking personally, far safer to my mind than any digital solution.
>
> If you are going to use a little black book why not just use random
> passwords? pwgen -s 10 and write it down.
>
Be
On Wed, Dec 18, 2024 at 07:13:23PM +, Chris Green wrote:
> Michael Kjörling wrote:
[...]
> > If I generate a Diceware passphrase - let's take one from that page as
> > an example, "dean unissued mystified comfort everyday chokehold" -
[...]
> But how do you remember it? It's no more memora
because my little black book is accessible for me.
random passwords that I cannot recall are not for me personally.
Additionally, most password managers are unlikely to work with my setup.
But that is me.
On Wed, 18 Dec 2024, John Hasler wrote:
Karen writes:
Well, I do not use hundreds. Sti
Karen writes:
> Well, I do not use hundreds. Still that little black book is,
> speaking personally, far safer to my mind than any digital solution.
If you are going to use a little black book why not just use random
passwords? pwgen -s 10 and write it down.
And if they insist on a "password re
Have to agree.
Perfect knowledge of you seems hard to imagine in another person, let
alone yourself.
On Wed, 18 Dec 2024, Chris Green wrote:
Michael Kjörling wrote:
As I note on https://michael.kjorling.se/password-tips/ (constructive
criticism most welcome!) "someone who has perfect kn
Well, I do not use hundreds.
Still that little black book is, speaking personally, far safer to my mind
than any digital solution.
On Wed, 18 Dec 2024, Michael Kjörling wrote:
On 17 Dec 2024 23:42 -0500, from klewel...@shellworld.net (Karen Lewellen):
Simply sharing a password method I wa
I wrote:
> But which things about you can you be sure no one else has knowledge of?
> Most people seem to think that the name of the dog they had when they
> were 12 is an unguessable secret.
Chris Green writes:
> That depends rather on how long ago they were 12 surely.
Not when the dog's name wa
> Sent: Wednesday, December 18, 2024 at 2:04 PM
> From: "John Hasler"
> To: debian-user@lists.debian.org
> Subject: Re: Writing passwords down
>
> JHHL writes:
> > I *could* share my strategies for coming up with passwords.
>
> Mine is pwgen -s 12
I ha
John Hasler wrote:
> Chris Green writes:
> > Surely no one "has perfect knowledge of you"! :-) I'm not even sure I
> > have perfect knowledge of myself, in fact I'm pretty sure I don't!
>
> But which things about you can you be sure no one else has knowledge of?
> Most people seem to think that t
Michael Kjörling wrote:
> On 18 Dec 2024 11:57 -0600, from j...@sugarbit.com (John Hasler):
> >> Surely no one "has perfect knowledge of you"! :-) I'm not even sure I
> >> have perfect knowledge of myself, in fact I'm pretty sure I don't!
> >
> > But which things about you can you be sure no one
JHHL writes:
> I *could* share my strategies for coming up with passwords.
Mine is pwgen -s 12
--
John Hasler
j...@sugarbit.com
Elmwood, WI USA
On 18 Dec 2024 11:57 -0600, from j...@sugarbit.com (John Hasler):
>> Surely no one "has perfect knowledge of you"! :-) I'm not even sure I
>> have perfect knowledge of myself, in fact I'm pretty sure I don't!
>
> But which things about you can you be sure no one else has knowledge of?
> Most peopl
On Wed, Dec 18, 2024 at 12:10 PM Chris Green wrote:
>
> Michael Kjörling wrote:
> > On 17 Dec 2024 21:41 -0600, from deb...@lionunicorn.co.uk (David Wright):
> > > As you have to select the subset from some listboxes with a mouse,
> > > I would guess that the step is designed to defeat key-loggin
I *could* share my strategies for coming up with passwords. But then I'd
be legally obligated to irrecoverably crash the list server, kill every
member of the List, and kill everybody who might have seen my message in
the List archives, or might have talked to anybody who'd read it, and
irrecov
Chris Green writes:
> Surely no one "has perfect knowledge of you"! :-) I'm not even sure I
> have perfect knowledge of myself, in fact I'm pretty sure I don't!
But which things about you can you be sure no one else has knowledge of?
Most people seem to think that the name of the dog they had when
On Wed, Dec 18, 2024 at 04:55:59PM +, Chris Green wrote:
> Michael Kjörling wrote:
> > On 17 Dec 2024 21:41 -0600, from deb...@lionunicorn.co.uk (David Wright):
> > > As you have to select the subset from some listboxes with a mouse,
> > > I would guess that the step is designed to defeat key-
Michael Kjörling wrote:
>
> As I note on https://michael.kjorling.se/password-tips/ (constructive
> criticism most welcome!) "someone who has perfect knowledge of you
> should not have any advantage in guessing the password".
>
Surely no one "has perfect knowledge of you"! :-) I'm not even sure
Michael Kjörling wrote:
> On 17 Dec 2024 21:41 -0600, from deb...@lionunicorn.co.uk (David Wright):
> > As you have to select the subset from some listboxes with a mouse,
> > I would guess that the step is designed to defeat key-logging.
>
> If someone has maliciously installed a keylogger, there
On 17 Dec 2024 23:42 -0500, from klewel...@shellworld.net (Karen Lewellen):
> Simply sharing a password method I was taught years ago that works well.
> Granted I never allow anything to choose a password for me, not ever.
> Instead I create a sentence with aspects of the characters forming the
>
On 18 Dec 2024 10:15 +0100, from to...@tuxteam.de:
> When doing "security analysis", I tend to lump "compromised client"
> into one category.
Case in point: Microsoft Windows Recall.
Plug that into your favorite web search engine if you aren't familiar
with it, and read some of the tech media cov
On 17 Dec 2024 20:44 +, from debian-u...@howorth.org.uk:
>> https://www.ncsc.gov.uk/blog-post/what-does-ncsc-think-password-managers
>
> I tend to agree but I'll play Devil's Advocate here.
>
> If I was NCSC would I prefer to break a few password managers or
> millions of individual passwords
On Wed, Dec 18, 2024 at 09:10:23AM +, Michael Kjörling wrote:
> On 17 Dec 2024 21:41 -0600, from deb...@lionunicorn.co.uk (David Wright):
> > As you have to select the subset from some listboxes with a mouse,
> > I would guess that the step is designed to defeat key-logging.
>
> If someone has
On 17 Dec 2024 21:41 -0600, from deb...@lionunicorn.co.uk (David Wright):
> As you have to select the subset from some listboxes with a mouse,
> I would guess that the step is designed to defeat key-logging.
If someone has maliciously installed a keylogger, there's also likely
some kind of screen
Simply sharing a password method I was taught years ago that works well.
Granted I never allow anything to choose a password for me, not ever.
Instead I create a sentence with aspects of the characters forming the
password.
As an example, I will create one, not in use of course, for the below
On Tue 17 Dec 2024 at 13:44:22 (-0600), John Hasler wrote:
> Peter Hillier-Brook writes:
> > the nonsense about not changing them ignores the obvious.
>
> What is that?
>
> > My bank performs security checks by requesting a sub-set of my
> > password. It doesn't take a genius to work out th
On Tue, Dec 17, 2024 at 5:22 PM Peter Hillier-Brook wrote:
>
> On 17/12/2024 17:44, Michael Kjörling wrote:
> > [...]
> > Under the heading "Should I use a password manager?" the opening is:
> > "Yes. Password managers are a good thing. They give you huge
> > advantages in a world where there's fa
Michael Kjörling wrote:
> On 17 Dec 2024 06:45 +0100, from to...@tuxteam.de:
> >> Then follow Bruce Schneier's advice and *write them down*.
> >
> > Do you have a reference?
> >
> > I ask because I'm in the middle of a discussion (and that was my
> > advice, too). Seeing what Schneier has to sa
On Tue, Dec 17, 2024, 12:24 PM wrote:
> On Tue, Dec 17, 2024 at 12:37:33PM -0500, Jeffrey Walton wrote:
> > On Tue, Dec 17, 2024 at 12:29 PM wrote:
> > >
> > > On Tue, Dec 17, 2024 at 10:59:40AM -0500, Michael Stone wrote:
> > > > On Tue, Dec 17, 2024 at 06:45:05AM +0100, to...@tuxteam.de wrote:
Peter Hillier-Brook writes:
> the nonsense about not changing them ignores the obvious.
What is that?
> My bank performs security checks by requesting a sub-set of my
> password.
Sounds like a reason to find a new bank, in the meantime changing your
password after every such request. Sure
Michael Kjörling writes:
> Under the heading "Should I use a password manager?" the opening is:
> "Yes. Password managers are a good thing. They give you huge
> advantages in a world where there's far too many passwords for anyone
> to remember."
I use Firefox's built-in manager for "low threat"
On 17/12/2024 17:44, Michael Kjörling wrote:
On 17 Dec 2024 06:45 +0100, from to...@tuxteam.de:
Then follow Bruce Schneier's advice and *write them down*.
Do you have a reference?
I ask because I'm in the middle of a discussion (and that was my advice,
too). Seeing what Schneier has to say on
On Tue, Dec 17, 2024 at 12:37:33PM -0500, Jeffrey Walton wrote:
> On Tue, Dec 17, 2024 at 12:29 PM wrote:
> >
> > On Tue, Dec 17, 2024 at 10:59:40AM -0500, Michael Stone wrote:
> > > On Tue, Dec 17, 2024 at 06:45:05AM +0100, to...@tuxteam.de wrote:
> > > > Do you have a reference?
> > > >
> > > >
On 17 Dec 2024 06:45 +0100, from to...@tuxteam.de:
>> Then follow Bruce Schneier's advice and *write them down*.
>
> Do you have a reference?
>
> I ask because I'm in the middle of a discussion (and that was my advice,
> too). Seeing what Schneier has to say on that would be very interesting.
Not
On Tue, Dec 17, 2024 at 12:29 PM wrote:
>
> On Tue, Dec 17, 2024 at 10:59:40AM -0500, Michael Stone wrote:
> > On Tue, Dec 17, 2024 at 06:45:05AM +0100, to...@tuxteam.de wrote:
> > > Do you have a reference?
> > >
> > > I ask because I'm in the middle of a discussion (and that was my advice,
> > >
I make regular use of an OS that is completely passwordless.
It's called PC-DOS 2000.
(I might also add that I wish that my Meerkat desktop Linux box didn't
make it so easy to sign off by mistake when I'd intended to power down.)
--
James H. H. Lampert
On Tue, Dec 17, 2024 at 10:59:40AM -0500, Michael Stone wrote:
> On Tue, Dec 17, 2024 at 06:45:05AM +0100, to...@tuxteam.de wrote:
> > Do you have a reference?
> >
> > I ask because I'm in the middle of a discussion (and that was my advice,
> > too). Seeing what Schneier has to say on that would b
On Tue, Dec 17, 2024 at 11:00 AM Michael Stone wrote:
>
> On Tue, Dec 17, 2024 at 06:45:05AM +0100, to...@tuxteam.de wrote:
> >Do you have a reference?
> >
> >I ask because I'm in the middle of a discussion (and that was my advice,
> >too). Seeing what Schneier has to say on that would be very int
On Mon, Dec 16, 2024 at 11:27 PM Loris Bennett
wrote:
> keeping them in your wallet can be
> safer than sticking them with a post-it to your monitor.
Just brought back memories.
When I was in college in the 1980s/1990s, in my OS class, the
instructor told of a time when he was walking down a hallw
On Tue, Dec 17, 2024 at 06:45:05AM +0100, to...@tuxteam.de wrote:
Do you have a reference?
I ask because I'm in the middle of a discussion (and that was my advice,
too). Seeing what Schneier has to say on that would be very interesting.
All of this advice is overly simplistic. The right answer
On Tue, Dec 17, 2024 at 12:45 AM tomas wrote:
>
> On Mon, Dec 16, 2024 at 10:22:43PM -0600, John Hasler wrote:
> > songbird writes:
> > > perhaps because the accounts are jointly owned and it is much easier
> > > to just continue using the credentials as they exist instead of having
> > > to set ev
On Tue, Dec 17, 2024 at 12:45 AM wrote:
>
> On Mon, Dec 16, 2024 at 10:22:43PM -0600, John Hasler wrote:
> > songbird writes:
> > > perhaps because the accounts are jointly owned and it is much easier
> > > to just continue using the credentials as they exist instead of having
> > > to set everyth
sk because I'm in the middle of a discussion (and that was my advice,
> > too). Seeing what Schneier has to say on that would be very interesting.
>
> I have a German copy of "Secrets & Lies" from 2001 in which Schneier
> discusses writing passwords down on p. 138 (
would be very interesting.
I have a German copy of "Secrets & Lies" from 2001 in which Schneier
discusses writing passwords down on p. 138 (Chapter 9 "Identification
and Authentication", Section "Access Tokens"). He says that passwords
are no worse than other "simple t
On Mon, Dec 16, 2024 at 10:22:43PM -0600, John Hasler wrote:
> songbird writes:
> > perhaps because the accounts are jointly owned and it is much easier
> > to just continue using the credentials as they exist instead of having
> > to set everything up all over again for no real gain.
>
> Then fol
53 matches