[ale] OT: password gripe

wolf at wolfhalton.info wolf at wolfhalton.info
Fri Jan 1 23:26:01 EST 2010


It is easier than you think.
Your muscle-memory 'knows' the keystrokes and you write down 
What I might write down (if I write anything) is:
(page #), (para #), (line #), (word #) for instance:
108, 5, 3, 12
Since you don't know the book, how far ahead are you by knowing what I
wrote down?
Oh, I have more than one book.
Probably a good idea to avoid repeated letters.

T6w3e4e4t6 pretty much gives itself away, if you actually see it written
out, but it is not a word, per se, and it is 10 chars long, so tricky
for the automated crackers.  If they know me as well as you do, then
they might be looking for this pattern.  People who watch you for a few
weeks can figure out your pattern anyway.

-----Original Message-----
From: Chris Ness <luxomni at earthlink.net>
Reply-to: Atlanta Linux Enthusiasts - Yes! We run Linux! <ale at ale.org>
To: Atlanta Linux Enthusiasts - Yes! We run Linux! <ale at ale.org>
Subject: Re: [ale] OT: password gripe
Date: Fri, 01 Jan 2010 11:29:45 -0500


On Thu, 2009-12-31 at 16:57 -0500, wolf at wolfhalton.info wrote:
> I use a book-cipher and a modified caesar-cipher on the term from the
> book(s) for most stuff.
> This is really simple to remember but creates pretty strong passwords.
> like this - you just have to remember who your friends are: 
> 
> FTR%I(E$NJDRSER5
> Frtr45i89e34nhjdersweR$5

So you write it down (weak point) and read it and type (time out) or
memorize it (you are better than I to memorize things like that for such
limited use)

And then you have three times to get it right or the system locks you
out; and you have to either have a have a machine online with some
trivial question and answer verification unlock the system to let you
compose a new code; or have human do it over the phone the same way.
Seems like a weaker point of contact to me. 

If you are that paranoid, you might want a fingerprint scanner. I have
seen them on laptops, I presume there must be a usb dongle somewhere -
of course then you will get a paper cut and render the whole thing
impenetrable.

Maybe do it in bar code put it in your wallet (tattoo it on your
forearm?) and carry a barcode scanner around with you?

Heavy duty when you consider your bank uses a four digit passcode for
your instant bank card. 






_______________________________________________
Ale mailing list
Ale at ale.org
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20100101/89cd7a16/attachment.html 


More information about the Ale mailing list