|
||
I recently decided to upgrade my password policy to be more secure. My actual workflow is the following:
I use a set of "patterns" to build my passwords, depending on what the password is for, so that I can have different passwords everywhere that I can recover quite easily. But it's flawed in the sense that those passwords are "predictable". So I'm moving toward randomly generated passwords, managed via a keyring. This solution, while being more secure, requires more effort to deal with. Here are a few problems that need to be solved:
I did not find a solution to all these problems. So far, I imagined the following:
What do you think about this system, would you use it yourself? If not, what would you do differently, or what would you improve? |
||
|
||
The main drawbacks for me are portability and stupidity-proofing.
It's extremely annoying, with the current solutions, to carry the db of passwords with you and to have to install the appropriate program to read it. Just imagine yourself wanting to log in to your account on another machine.
> Huh, wait let me plug my USB
> Ah, I need to install the 32 bit version of the program to read the DB
> Oh, I don't remember the password to open the briefcase
In those cases you just don't log in at all and wait until you get home. At the moment I stick with the passwords that are in my head and if I can't remember it there's always the "forgot your password" button.
EDIT: The only good password management tool I use is the one that comes with Firefox sync. |
||
|
||
NB I'm not a sysadmin, but my thoughts are :-
A pendrive around your neck, but as pointed out above, that needs access to a usb port, which may not be available, so the only obvious alternative is a small pocketable notebook (attached to your belt at all times, whilst at work). |
||
|
||
(28-04-2015, 08:54 AM)bsdkeith Wrote: NB I'm not a sysadmin, but my thoughts are :-
> Wait a sec, let me check my password. |
||
|
||
:) You could carry a whole system in that! ;)
|
||
|
||
Thinking about it again, the penkey/drive isn't really a solution for corporate companies.
When you take security courses you learn to not let anyone use any usb port on any machine you have. Just leaving a usb port open can lead to physical escalation. However, it's still a solution for personal use. |
||
|
||
Quote: > Wait a sec, let me check my password.
Would totally pay for that! |
||
|
||
(28-04-2015, 10:20 AM)z3bra Wrote: "Hello mister z3bra. Your password for http://nixers.net is: 'Iluvp0niez'. Thanks for trusting banana bags security systems. Have a good day."
Since when is saying your password out loud secure?
PS: I'm sure someone tried to login as z3bra using Iluvp0niez. |
||
|
||
That was for the ironic part ;)
|
||
|
||
Am I the only one who does not need a password manager? I really don't see them as useful. I know that some people have multiple accounts/passwords, but I am the same and can still manage them. They are pretty lengthy too.
|
||