Neil Bothwick wrote:
> On Fri, 08 Feb 2019 15:26:22 +0100, Kai Peter wrote:
>
>>> There was a tool in portage that did this. I tried it but it did not
>>> work in the real world because you couldn't set a rule for generated
>>> passwords
>>> that matched the requirements of all sites, for example some require a
>>> non-alphanumeric character while other sites only allow alphanumerics.
>>>
>>> I can remember what the tool was called, although I'm pretty sure it
>>> was written in Python. I'd be interested to know how you get around
>>> the conflicting restrictions as this seems a good way to do things.
>> By using an existing tool you have to live with its restrictions
>> always. But who says that it could not be done?
> It wasn't so much a restriction in the tool as the sites, which have
> conflicting requirements for passwords - especially the ones that have a
> MAXIMUM password length.
>
>

This is something I've run into on several occasions using LastPass' generation tool. Some sites allow the symbols, the characters above the number keys, but don't allow one or more specific ones. A couple of examples: the "!" key is a common one not allowed. Others that are sometimes excluded are the "$" and "*" symbols. So I end up telling LastPass to generate passwords until it gets one without any of those characters, or I turn off the symbols altogether. Of course, turning those off makes a password easier to crack/hack.

I did run up on one site recently that allowed any character, all symbols included, and could be as long as 60 characters. I think spaces were the only thing on the keyboard not allowed. Thing is, it wouldn't accept anything longer than 28 or so for me. I started out at 40 and kept dropping down a few digits until I hit the one it would accept. If it had accepted a random password that long with symbols included, I would think hackers would have to attack something besides the password. That is one long password. I've seen paragraphs shorter than that. According to a couple of the test sites, it would take trillions of years to crack a 40 digit password, much less 60. Pretty hard thing to get past.

What surprises me is that a couple of sites that I would like to have longer passwords on won't accept anything longer than a couple dozen characters. I wish all financial sites would take 60 or so like the other one I use. I'm not sure why they limit it to that number. Common software limit maybe?

This is one thing about having so many different password tools and each person picking what they like. It makes it harder to figure out how passwords are generated and tracked. Each tool has its own methods. It's sort of like the password strength sites. I didn't rely on one site. I used several plus some common sense as well. If all sites think a password will take thousands of years or more to crack, it is likely a good password. Then apply some common sense to confirm it of course.

I ended up with a password that was easier to type and very strong, even stronger than what I started with. The odds of someone just guessing it are virtually zero. The things it is based on are not something anyone other than me would likely consider for creating a password. It's not pets, family names, dates of birth or anything like that. Heck, even if someone was sitting in my chair, they would be clueless. Even people who know me best would never be able to figure out what it is based on, much less how I put it in the password or which ones. Thing is, I think I'll be able to remember it easily enough.

I suspect that anyone trying to hack us Linux users, users of this list especially, would have a rough road ahead of them. Based on replies here, some have some pretty good methods of coming up with a password. Let us hope none of us dies instantly and takes the passwords with us. o_O I put mine in a fire safe. Just in case.

Dale

:-) :-)
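
Added example, not part of the message above and not the code of LastPass or of any tool mentioned in the thread: a per-site generator that removes a site's forbidden characters from the alphabet before drawing, caps the length at what the site accepts, and reports what each restriction costs in bits. The site names, the 40-character limit and the policy fields are constructed for illustration; the 28 and roughly two dozen character limits and the "!", "$", "*" exclusions follow the cases described in the thread.

```python
import math
import secrets
import string

# Constructed per-site rules (assumptions modelled on the thread's examples).
POLICIES = {
    "no_bang_dollar_star": {"max_len": 40, "forbidden": "!$*", "symbols": True},
    "alnum_only":          {"max_len": 24, "forbidden": "",    "symbols": False},
    "accepts_28":          {"max_len": 28, "forbidden": " ",   "symbols": True},
}

def allowed_symbols(policy):
    """Punctuation the site accepts (empty if symbols are not allowed)."""
    if not policy["symbols"]:
        return ""
    return "".join(c for c in string.punctuation if c not in policy["forbidden"])

def alphabet(policy):
    """Full set of characters to draw from; forbidden ones never enter it."""
    return string.ascii_letters + string.digits + allowed_symbols(policy)

def generate(policy, want_len=60):
    """Draw a password with a CSPRNG, truncated to the site's maximum length.

    Redraws only until every required class (lower, upper, digit, and a
    symbol where the site allows them) is present.
    """
    length = min(want_len, policy["max_len"])
    chars = alphabet(policy)
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if policy["symbols"]:
        classes.append(allowed_symbols(policy))
    while True:
        pw = "".join(secrets.choice(chars) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in classes):
            return pw

def entropy_bits(policy, want_len=60):
    """Upper bound on entropy: length * log2(alphabet size)."""
    length = min(want_len, policy["max_len"])
    return length * math.log2(len(alphabet(policy)))

if __name__ == "__main__":
    for name, policy in POLICIES.items():
        print(f"{name:22} {entropy_bits(policy):6.1f} bits  {generate(policy)}")
```

The length cap dominates: dropping three symbols from a 94-character alphabet costs about 0.05 bits per character, while a limit of 28 instead of 60 characters removes more than half of the total.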

