undefined | Better HN

0 pointsrjsw6mo ago0 comments

0 comments

eru6mo ago

Why would you want to memorise a password? That's what password managers or even paper is for.

(Writing your passwords down on paper is actually less crazy than it sounds like:

It's impossible to hack paper from the internet. And, if someone has physical access to your stuff, they could install a keylogger anyway.)

Terr_6mo ago

> Why would you want to memorise a password?

You'll definitely want to memorize the password to the backup service that has the last copy of your password vault after a disaster. :P

> Writing your passwords down on paper is actually less crazy than it sounds

I agree that physical security can be incredibly useful against a lot of modern threats... but we can do better. I wish there was a dedicated password-keeper device format of:

* A small keyboard and screen

* The data encrypted at rest by one master password

* Only permits upload/download of the the encrypted file over USB. With some companion software, you just plug it into your computer, computer copies the encrypted file to somewhere on disk that gets regularly backed up, the disconnects and beeps to tell you it's done.

* Sturdy enough that any "Evil Maid" attack needs to be done by a professional rather than a conniving roommate or jilted partner.

* Tracks history of entries, last-changed, etc.

eru6mo ago

> You'll definitely want to memorize the password to the backup service that has the last copy of your password vault after a disaster. :P

Why? Write it down. Perhaps leave multiple paper copies around with some trusted people, like your lawyer and a safe deposit box at your bank.

Your proposed device seems a bit complicated. You can get pretty far with a piece of paper and this protocol:

Construct your password from two parts. (1) random gibberish you write down on paper, (2) a 'correct horse battery staple'-style part that you memorise.

Btw, have you looked into Yubikeys? They are better than password storage, because they can store your private keys and do signing with them. The key never leaves the device. (They can also store passwords, I think.)

2 more replies

OptionOfT6mo ago

For secret answers like this I have Bitwarden generate a set of words that I put in. The words are actual English words, so the 'random gibberish' moniker wouldn't be correct.

But at least the answer doesn't match the question.

I've also learned to store the question, as some websites make you select the question before providing the answer. And my answers don't allude to what the original question was.

eru6mo ago

> I've also learned to store the question, as some websites make you select the question before providing the answer. And my answers don't allude to what the original question was.

I usually pick the first or default question. But yeah, that order might change.

avhon16mo ago

Passwords in this style (passphrases) are also much easier to transcribe to devices that don't have or support password managers, or when sharing a password verbally or in writing.

juped6mo ago

got to have a password manager password, and a login password

eru6mo ago

Write that down on a piece of paper.

j / k navigate · click thread line to collapse

0 comments

eru6mo ago

Why would you want to memorise a password? That's what password managers or even paper is for.

(Writing your passwords down on paper is actually less crazy than it sounds like:

It's impossible to hack paper from the internet. And, if someone has physical access to your stuff, they could install a keylogger anyway.)

Terr_6mo ago

> Why would you want to memorise a password?

You'll definitely want to memorize the password to the backup service that has the last copy of your password vault after a disaster. :P

> Writing your passwords down on paper is actually less crazy than it sounds

I agree that physical security can be incredibly useful against a lot of modern threats... but we can do better. I wish there was a dedicated password-keeper device format of:

* A small keyboard and screen

* The data encrypted at rest by one master password

* Sturdy enough that any "Evil Maid" attack needs to be done by a professional rather than a conniving roommate or jilted partner.

* Tracks history of entries, last-changed, etc.

eru6mo ago

> You'll definitely want to memorize the password to the backup service that has the last copy of your password vault after a disaster. :P

Why? Write it down. Perhaps leave multiple paper copies around with some trusted people, like your lawyer and a safe deposit box at your bank.

Your proposed device seems a bit complicated. You can get pretty far with a piece of paper and this protocol:

Construct your password from two parts. (1) random gibberish you write down on paper, (2) a 'correct horse battery staple'-style part that you memorise.

2 more replies

OptionOfT6mo ago

For secret answers like this I have Bitwarden generate a set of words that I put in. The words are actual English words, so the 'random gibberish' moniker wouldn't be correct.

But at least the answer doesn't match the question.

I've also learned to store the question, as some websites make you select the question before providing the answer. And my answers don't allude to what the original question was.

eru6mo ago

> I've also learned to store the question, as some websites make you select the question before providing the answer. And my answers don't allude to what the original question was.

I usually pick the first or default question. But yeah, that order might change.

avhon16mo ago

Passwords in this style (passphrases) are also much easier to transcribe to devices that don't have or support password managers, or when sharing a password verbally or in writing.

juped6mo ago

got to have a password manager password, and a login password

eru6mo ago

Write that down on a piece of paper.

j / k navigate · click thread line to collapse