On Mon, 09 Dec 2019 16:31:35 +0100 Jonas Smedegaard <jo...@jones.dk> wrote:
> Quoting Charles Curley (2019-12-09 15:56:26)
> > On Sun, 8 Dec 2019 18:55:12 +0100 (CET)
> > <l0f...@tuta.io> wrote:
> >
> > > Usual advice : use strong passwords (i.e. long enough with high
> > > entropy => generated&stored in a dedicated password manager) AND 1
> > > different per service, never the same.
> >
> > There is a handy password generator available on Debian, called APG
> > (Automated Password Generator), which will generate passwords for you.
> > The default settings yield a fairly strong password, but you can modify
> > those to make the results even stronger.
>
> I dislike APG because it generates passwords difficult to remember -
> without aiding in how to deal with that, which has a high risk of
> passwords getting stored on physical notes in the top drawer...

I use 'pwgen', whose manpage begins thus:

*****
The pwgen program generates passwords which are designed to be easily
memorized by humans, while being as secure as possible. Human-memorable
passwords are never going to be as secure as completely random passwords.
In particular, passwords generated by pwgen without the -s option should
not be used in places where the password could be attacked via an
off-line brute-force attack. On the other hand, completely randomly
generated passwords have a tendency to be written down, and are subject
to being compromised in that fashion.
*****

Although I almost always use it with its --secure option, since I don't
try to memorize passwords, but instead record them (in a plain text
file) - who can remember hundreds of passwords?

> For strong yet rememberable passwords, I recommend this:
>
> xkcdpass
>
> More information: https://lwn.net/Articles/713806/
>
> (yes, above article also references the XKCD cartoon!)
> For non-rememberable passwords, I recommend this:
>
> pass
>
> More information: https://lwn.net/Articles/714473/

I suppose that this is just a better, more scalable / manageable version
of what I'm doing by hand - generating secure passwords and recording
them to disk. I'm going to look into it.

Celejar
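The thread compares two styles of generated password: an xkcd-style passphrase (xkcdpass, pwgen without -s) and a fully random string (apg, pwgen -s). The deciding number in both cases is entropy, which is what the pwgen manpage's warning about off-line brute force is really about. The following is an added, stand-alone illustration written for this page; it is not code from xkcdpass, pwgen, apg or pass. It draws from the OS CSPRNG via Python's secrets module, computes the entropy of each scheme from its alphabet size and length, and shows how many words or characters are needed to reach a target. The wordlist is a constructed 16-word toy list; the 7776 figure is the size of the EFF/diceware long list, used here only for the arithmetic.

```python
import math
import secrets
import string

# Constructed toy wordlist standing in for a real diceware/xkcdpass list.
# A list this small yields weak passphrases; it exists only so the
# example runs offline and the entropy figures can be checked by hand.
SAMPLE_WORDS = [
    "correct", "horse", "battery", "staple", "orbit", "lantern", "pebble",
    "marble", "cactus", "velvet", "thimble", "walrus", "quartz", "saddle",
    "bramble", "copper",
]

EFF_LONG_LIST_SIZE = 7776          # entries in the EFF/diceware long list
ALNUM = string.ascii_letters + string.digits   # 62-symbol alphabet


def entropy_bits(choices: int, picks: int) -> float:
    """Entropy in bits of `picks` independent, uniform draws from `choices` symbols.

    Valid only when every draw is uniform and independent, which is why the
    pwgen manpage warns about its non -s mode: its pronounceable output is
    not a uniform draw over the alphabet, so this formula over-estimates it.
    """
    if choices < 2 or picks < 1:
        raise ValueError("need at least two choices and one pick")
    return picks * math.log2(choices)


def passphrase(words, count: int = 4, sep: str = "-") -> str:
    """xkcd-style passphrase: `count` words chosen uniformly with the CSPRNG."""
    if len(set(words)) != len(words):
        # Duplicates would bias the draw and silently lower the entropy.
        raise ValueError("wordlist must not contain duplicates")
    return sep.join(secrets.choice(words) for _ in range(count))


def random_password(length: int = 16, alphabet: str = ALNUM) -> str:
    """Fully random password, the kind apg or `pwgen -s` produce."""
    if len(set(alphabet)) != len(alphabet):
        raise ValueError("alphabet must not contain duplicates")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def words_needed(target_bits: float, list_size: int = EFF_LONG_LIST_SIZE) -> int:
    """Smallest word count whose passphrase entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def chars_needed(target_bits: float, alphabet_size: int = len(ALNUM)) -> int:
    """Smallest random-string length whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


if __name__ == "__main__":
    # Same 4-word shape, very different strength depending on the list size.
    print("toy list, 4 words :", passphrase(SAMPLE_WORDS),
          f"({entropy_bits(len(SAMPLE_WORDS), 4):.1f} bits)")
    print("EFF list, 4 words :",
          f"{entropy_bits(EFF_LONG_LIST_SIZE, 4):.1f} bits")
    print("alnum, 8 chars    :", random_password(8),
          f"({entropy_bits(len(ALNUM), 8):.1f} bits)")
    # What it takes to reach 80 bits, a common floor for secrets that may
    # face an off-line attack against a stolen hash.
    print("80 bits needs", words_needed(80), "EFF words or",
          chars_needed(80), "alphanumeric chars")
```

The comparison the script prints is the one the thread circles around: four words from the 7776-entry list is about 51.7 bits, an 8-character alphanumeric string about 47.6 bits, and the toy 16-word list gives only 16 bits for the same four-word shape, which is why the size of the wordlist matters as much as the word count.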