Results 1 to 4 of 4
  1. #1

    Web Craft Tutorial; More secure password protocol

    Hi all just wanted to contribute a method individuals use to make better passwords. The importance of this can be pretty real if a state or non-state actor were to hijack your account/accounts using a password you commonly reuse.



    Depending on what you use computer/internet for one could be exposing themselves to liability such as identity theft.

    Below is a method to develop a more secure passphrase than what you are probably using now. All you will need is a sheet of paper and one six sided dice. You can create your own word list using words from a dictionary, though people tend to create recognizable patterns over time.


    Link to a prepolulated list. - http://world.std.com/~reinhold/dicewarewordlist.pdf




    1. Decide how many words you want in your passphrase

    2. Roll the Dice and record the result on a piece of paper (do this in groups of 5)

    3. Look up corresponding number in your list and write down/memorize word.

    4. Once you have memorized the passphrase you can shred burn or attempt to securely store the information in a secure location.


    I recommend destroying any paper you use as part of this exercise.
    because even solitude is better than evil company. - Bartolomeo Scala

  2. #2
    Senior Member Unboxxed's Avatar
    Join Date
    Mar 2014
    Location
    USA
    Posts
    1,354
    Reputation
    5049
    Type
    enigmatic

    Re: Web Craft Tutorial; More secure password protocol

    Well, this was interesting. At first read, I thought to myself, why bother with dice? Why not throw darts at an eye chart on the wall, or close your eyes and poke your keyboard five times with your finger, selecting where you poke? Or, throw your dice onto the keyboard and use which keys upon which they land?

    I found an article which provided some detail to this concept:

    Passphrases That You Can Memorize — But That Even the NSA Can’t Guess

    although, while reading it, I realized they are talking about passphrases when all the websites I use require only passwords, where they restrict the length and content of the password. So, a non-techie like me, when would I use passphrases? They confirm this difference here:

    Now that you know passphrases, here’s when to avoid them

    Diceware passphrases are great for when you’re typing them into your computer to decrypt something locally, like your hard drive, your PGP secret key, or your password database.

    You don’t so much need them for logging into a website or something else on the internet. In those situations, you get less benefit from using a high-entropy passphrase. Attackers will never be able to guess a trillion times per second if each guess requires communicating with a server on the internet. In some cases, attackers will own or take over the remote server — in which case they can grab the passphrase as soon you log in and send it, regardless of how strong or weak it is cryptographically.

    For logging in to websites and other servers, use a password database. I like KeePassX because it’s free, open source, cross-platform, and it never stores anything in the cloud. Then lock up all your passwords behind a master passphrase that you generate with Diceware. Use your password manager to generate and store a different random password for each website you log in to.
    Perhaps I can use a passphrase when logging into my laptop (in case of theft), if Windows 10 will let me.

    Comments, anybody?
    The two most important days in your life are the day you were born and the day you find out why. - Mark Twain

    Most men lead lives of quiet desperation and go to the grave with the song still in them.
    - Henry David Thoreau

    You're better than any man you outlive.
    - me

    There are 10 types of people in the world - those who understand binary, and those who don't.

  3. #3
    Senior Member Mr Wombat's Avatar
    Join Date
    Mar 2014
    Posts
    3,347
    Reputation
    13779
    Type
    Neutral

    Re: Web Craft Tutorial; More secure password protocol


  4. #4
    Senior Member
    Join Date
    Apr 2014
    Posts
    305
    Reputation
    1102
    Type
    Bachelor

    Re: Web Craft Tutorial; More secure password protocol

    Personally I use Keypass to save my passwords and generate them. It is a handy bit of software which actually shows you how difficult the password is to guess.


Similar Threads

  1. Replies: 22
    Last Post: June 23, 2014, 6:42 PM
  2. Replies: 1
    Last Post: April 19, 2014, 6:17 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •