Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
General Security Discussions
Master password idea
Message
<blockquote data-quote="MacDefender" data-source="post: 994510" data-attributes="member: 83059"><p>Passphrases are definitely a good idea. I'd still recommend having a password manager generate secure passphrases for you, though. Unfortunately, humans are bad at generating random entropy.</p><p></p><p>My only concern with this approach is that "themes" can lead to guessable passwords if someone has cracked one or knows your algorithm. The number of famous paintings that a non art geek remembers is probably up in the 1000 range, which makes it vulnerable to a dictionary attack. This is especially deadly if, for example, you use one of these passwords at a website that doesn't hash their passwords and your password leaks online. If I saw a password like this, the first thing I'd do is build a dictionary attack out of Wikipedia lists of paintings <img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite116" alt=":D" title="Big grin :D" loading="lazy" data-shortname=":D" /> </p><p></p><p>Finally, I find that words are more "glanceable" than random passwords. You can try this yourself -- give yourself a half second glimpse of a phrase password versus a half second glimpse of a random alphanumeric password. The human brain seems to read words quicker and remember them better, and that can work against you if you accidentally reveal a password to someone by pressing the wrong button on a web form, for example (Amazon's app is infamous for having a checkbox under the password field that says "Show password", when most people expect "Remember my password")</p><p></p><p>But yeah, it could be a great password scheme, just keep it to yourself and don't let anyone else know.</p></blockquote><p></p>
[QUOTE="MacDefender, post: 994510, member: 83059"] Passphrases are definitely a good idea. I'd still recommend having a password manager generate secure passphrases for you, though. Unfortunately, humans are bad at generating random entropy. My only concern with this approach is that "themes" can lead to guessable passwords if someone has cracked one or knows your algorithm. The number of famous paintings that a non art geek remembers is probably up in the 1000 range, which makes it vulnerable to a dictionary attack. This is especially deadly if, for example, you use one of these passwords at a website that doesn't hash their passwords and your password leaks online. If I saw a password like this, the first thing I'd do is build a dictionary attack out of Wikipedia lists of paintings :D Finally, I find that words are more "glanceable" than random passwords. You can try this yourself -- give yourself a half second glimpse of a phrase password versus a half second glimpse of a random alphanumeric password. The human brain seems to read words quicker and remember them better, and that can work against you if you accidentally reveal a password to someone by pressing the wrong button on a web form, for example (Amazon's app is infamous for having a checkbox under the password field that says "Show password", when most people expect "Remember my password") But yeah, it could be a great password scheme, just keep it to yourself and don't let anyone else know. [/QUOTE]
Insert quotes…
Verification
Post reply
Top