[lug] password generating techniques

Davide Del Vento davide.del.vento at gmail.com
Wed Mar 21 08:48:35 MDT 2012

> /dev/random?

Are you serious or are you kidding? (sorry, this sounds like
http://en.wikipedia.org/wiki/Poe%27s_law )

If you are kidding, fine :-D

If you are serious, you missed the point. The discussion here is how
can I *remember* tens if not hundreds of these passwords, not how can
I generate them. Since I cannot remember them all, I see the following:

1) use weaker passwords, easier to remember
2) use a single strong password, shared among all the services I use
3) use a (mental) algorithm to generate site-specific passwords from a
single strong one
4) use a password manager like Kevin suggested
5) use something like OPLOP
6) write the strong passwords on a piece of paper

Of course 1) and 2) are bad, you don't need me to tell you why. 3)
could be ok, but being "mental" it must be easy and thus it can be
easy to crack and it is only security by obscurity. I replied to Kevin
with my objections to 4) so I won't repeat myself. It looks like 5) is
the best choice, but I had the questions with which I started this
thread. Option 6) adds the physical security problem to the computer
security problem, and adds the inconvenience of transporting this piece
of paper with me at all times in a secure manner.


