Posted to uk.d-i-y
Chris Green
O/T: internet security question (leaked details)

John Rumm wrote:
On 21/07/2020 11:28, Chris Green wrote:
John Rumm wrote:

I mean, another thing to look at is wifi password. Now if it's too hard,
nobody can remember it, if it's too simple people can guess it, and of
course many devices that use a cloud storage system actually store it,
supposedly encrypted.

A decent password ought not be "memorable". If you need it, go look at
the written record of it (the plate on the back of the router if you
like), or use the WPS button for creating new connections.

Surely a decent password *has* to be memorable


Alas the days when passwords of adequate complexity were memorable are
long since gone for most users. Yes you can probably deal with a few
that are ok, but for hundreds of unique passwords for all the things
that need a password?

You (anyway I) don't need hundreds of secure, unique, passwords. I
need lots of insecure passwords but only half a dozen or so really
secure ones. All those web forums and shops (as long as you don't
give them your credit card details) don't need secure passwords, what
do you lose if someone breaks one of them?


because otherwise you
have to have a written copy somewhere that someone else can find.


For certain values of "written" - yes they could be on paper, but
equally in a password manager or some other form of encrypted storage.

Er, but the password manager needs a password/key.


(actually we are quite good at keeping safe small amounts of paper -
like stuff in your wallet)


A
password manager doesn't get over this issue because you have to have
a memorable password for the password manager.


However it does get past a few of the issues, since you probably can
remember one really good password that gets you into the manager[1].

.... and when you're out and about and need access to your bank
account, or your money transfer system, or whatever and you don't have
the password manager with you?


If you link that to 2FA then you have less chance of it being
compromised as well as a recovery mechanism.

(and good password managers don't store plaintext passwords online - any
encryption / decryption being done only at point of use)

To my mind good password managers don't store your passwords anywhere
that isn't 'yours'! :-) The one thing I have considered for this
sort of thing is a memory stick with the program and password storage
on it. You could even have a stick with Linux and Windows and Mac
software to decrypt the password so you can stick it in a friend's computer
if necessary.

--
Chris Green