Admin
So you pick a master password long and random enough that acquiring sufficient computer power to break it would take longer than the remaining lifetime of the Sun; anything over 120 bits is plenty. Ça plane pour moi.
Admin
Philosophically, I'm with you.
Practically - since I can handle* about half-a-dozen reasonably secure pieces of data.. and a few other barely secure but not important ones...
I hate being completely reliant on password restore via e-mail... so I've got them recorded. (somehow)
I still remember the terror of returning from college summer vacation to use the ATM** to realize I HAD NO CLUE what my PIN was... fortunately my fingers remembered the motions.
*I'm in the belt-onion club. ** In before: yes, this was before there were networks of ATMs*
Admin
given that statement, logically if the distance from me is zero (my password store is me) my trust in it is infinite.
Admin
that's one of the ones i no longer need to bother to memorize. i just look at the keypad of the ATM and my fingers go "it's okay, we got this"
the three building access codes i need to get from the carpark to my desk without bothering with my swipe card are another set in that category. my fingers know how to do their thing to get me through the doors. Security is none too pleased that i know the codes, but i've been doing it long enough that they just know that the use of those codes at 0710 is me coming to work.
Admin
Not sure it's particularly rational to distrust a password safe that's demonstrably safer than every SSL connection you ever make, but whatever floats your boat I guess.
Admin
and..... now that I try to remember it... lost it again. :imp:
My bank started issuing $50's from the ATMs, so I stopped using the ATM for my monthly cash stash* and just head in to the tellers...
*kids' allowances, my lunch money, etc..
Admin
I can keep the passwords memorized, i have demonstrated this to myself to my satisfaction, It is impossible to get my passwords out of my brain without my knowledge (for now) it may be technologically unfeasible at this time, but it is possible to steal and crack a keepass store without the owner's knowledge.
Look at humanity! I think it's fairly safe to say that rationality is not a defining characteristic of the species. I've considered the situation (keepass vs memorization) and came to the conclusion that for me keepass (and lastpass, etc) do not improve my security situation in any way, in fact they reduce it! Yes the key store may basically be fort knox, but it's still an extra place that i have to secure and it can be broken into, with memorization that store is no longer possible to break into, so the passwords would have to be stolen from the remote servers that i have no control over and are unique so they can't be used to get access to secondary services, or would need to be stolen in the wire, which is not something that keepass can secure me against.
Admin
Wow.
You can't memorize a simple 4-digit number?
Admin
Because it is windows only? (unless I use mono/wine) And basically, I'd rather have SSO be supported more as our company provides an SSO solution, so dogfooding it would be more beneficial. (also not sure how basic-auth for things like wiki work with SSO).
Plus, they are all the same password since it is my ldap account, so not like I need some big solution for that.
Admin
(I've actually been pondering moving all this to KeePass now, but slowly...)
I'm figuring keeping the key-store non-Cloud... is possibly an improvement for me.
Do you have everything memorized? What do you do for the stuff beyond the "thirty" you know by heart?
Admin
Didn't use it for 3+ months.
Plus, I think there's an effect of: it's not exactly memorized since the only time you use it, it goes straight from brain to fingers...
Counter-example: your phone number - you dial it, you tell it to people, and you write on forms... so it needs to be memorized as data.
INbIV: OK you used to have to....
Admin
I never knew any of my cell phone numbers - always had to look them up. Still don't, actually.
Admin
and you were complaining about not remembering a pin number after months of disuse?
Admin
I use KeePass 1.x on Windows, KeePassX on Linux (also available for OS X), KeePassDroid on Android and MiniKeePass on iOS; all of them support the same password database format. I keep the canonical copy of my password database on Dropbox, and I also keep a copy on a micro SD card in an Elago Nano reader attached to my car keys (that one doesn't need to be particularly up to date, as the only vital thing inside it is my Dropbox credentials).
With KeePassDroid, selecting a password database entry creates a persistent Android notification for the username and another for the password; touching either will copy its content to the clipboard. MiniKeePass relies on iOS having a clipboard that can hold more than one item. Both work well, and I am much happier with the impenetrability of a KeePass database compared to the native "security" provided by mobile devices' native keyrings.
Fair enough.
Me either. KeePass handles browser auth popups without difficulty.
Admin
Cell phone number = 10-ish digits
PIN = 4 digits, highly likely to have easy patterns (think of ones like 6969 or 1397 or ...)
Admin
you mean like the sort of patterns that some banks have started rejecting as PINs? (thereby making the already weak PIN weaker by reducing search space)
Admin
Over where I live (Northern France, if you haven't been paying attention), you can get some pretty decent stuff in the hypermarchés, and a good boucherie would be even better. (Makes me think of the full-service butcher's near where I lived in the western end of Nashua, NH, that used to sell us beef kidneys at fifty cents a pound in 1989-90, because that was a buck fifty a pound more than anyone else would buy them for, as it were.)
Admin
Why all the fuss about TYPING? People love to click and don't like security so an Access Database would be perfect! and you can even put the company logo on the form!
Admin
:giggity::giggity:
Admin
http://www.operatorchan.org/s/src/138626004660.jpg
Admin
There is one called Les Mousquetaires ...
I have searched several times but never found an épée in one
Admin
Yeah, we have those too in Poland:
http://swidnica24.pl/wp-content/uploads/2011/12/intermarche.jpg
Never been there, though.
Admin
Notice the clearly visible muskets used by those musketeers.
Sword shaped muskets.
Oh, yes, and the reason you can't find épées is that they are musketeers.
You know, soldiers who use muskets.
Admin
The linked site does Referer shenanigans…
Admin
rehosted
Admin
So the image is broken for everybody? That makes @ijij TR :wtf: , then.
Admin
Except people who have actually gone to the site by hand, yes. As I said, shenanigans.
Admin
worked fine for me.
nope, i rehosted it for you. not in the original post as i lack that power, but still.
Admin
OK, now I see the picture. Doesn't tell me anything useful, though. Sure, every picture tells a story, but sometimes a few words are needed to explain just which story is being told.
Admin
I saw the original image in the post without doing anything.
Admin
Same!
Admin
-shrug- welcome to my world. doesn't mean much to me either, but at least we're on the same page now
Admin
Probably a pun related to "marching"?
Admin
i assume some punning is involved in that image, yes.
Admin
Ah, I see. I guess the fact that when I look at the word hypermarché, I see a prefix "hyper-" meaning, in context, bigger than "super-", followed by "marché", French for market (OK, it's also the past participle of "marcher", to walk, but that doesn't say much to me about marching either) might have a little to do with why the joke failed.
Admin
:facepalm:
The ultimate French hyper-march... Retreat from Moscow.
Sigh.
Admin
I thought your password management consisted of remembering which language version of War and Peace you use for which sites...
Admin
Store, maybe. Type them out, on the other hand...
Admin
ha! yeah i've used that attack occasionally for testing password limits, but for day to day, not exactly
/me tries to hider her title behind her bach
shirley you don't maen i'm liabel to tyop my paswsord?
Admin
"No, you wouldn't," said the Frankie mouse, "you'd be programmed not to."
Admin
Well, in the case of hyperintelligent mice from another dimension i think i'm rather fxxxed regardless, no?
Admin
What?
I don't understand.
Where's the tea?
Admin
So deep is your misery that you have no tea.
Admin
Who needs tea?
Admin
But do you have tea?
http://www.douglasadams.com/creations/infocom.gif
Admin
VEGAN CAFE.
Admin
I'm feeling microaggressed by your superior memory.
I currently have 142 entries in KeePass. Some of those will probably not be used, but some I don't use for several years. Not to mention differing user names. Ugh.
Admin
Filed under: Life without tea is not life; it is merely existence, and a very meagre existence, at that.