Midnight Pub

Don't choose long passwords

~littlejohn

Don't use long passwords.

They're really easy to get wrong when you're drunk, and if you have your `pass` alias written out to erase your pass file if you type it incorrectly more than twice, you know, just in case, this can get pretty ugly pretty soon.

Bartender, I'll have some water, please? Cold, if possible.

Oh and do you have, erm, sandwiches, of any kind? I kind of have the post-beer munchies...

---

Note: the trigger alert is there in case anyone's struggling with addiction. I know -- from second-hand experience, fortunately -- that this is tough. Please don't worry about me, I've never struggled with it and I'm actually completely fine, I just went out for drinks with an old friend, and it seemed a little funny that it took a few attempts to type my master password.

I got it right, too!

Write a reply

Replies

~eaplmx wrote:

I use Bitwarden to store passwords of about 32 random characters (unless there is a restriction for fewer characters).

My main problem has been writing those long pwds on devices like TV sets, or guest mode PCs, where I can't easily copy them.

Some shortcuts have appeared like scanning a QR code or inputting a single-use code. But it seems will never become a standard.

For those cases I use a sequence of 5-8 words to have 'more entropy' in a simple way to input it. But... ¯\_(ツ)_/¯

~tatterdemalion wrote:

Yeah, I use diceware passphrases for any passwords that I have to remember and type often (as opposed to passwords that live in KeepassX or Firefox), and at work, they lock your account after three failed logins... to *any* service using their single-signon. But the help desk will unlock it over the phone without any evidence that the caller is the owner of the account.

Personally, I like the idea of applying exponential backoff to password attempts.

~kijetesantakalu wrote (thread):

always bothered me when systems lock people out or wipe after a few wrong passwords. it usually ends up stopping people who actually have the account more than attackers. both attackers and people who don't have eidetic memory use the same technique anyway: "alright, so i know i have a couple of common passwords, so let's go through variations of them because i don't remember what i used here". if it's like, a bank account or the nuclear launch codes, i understand. but being locked out of a streaming account because i forgot which password the person who signed up for it used? very annoying

Proxied content from gemini://midnight.pub/posts/717.
Get a proper gemini browser and visit!
merveilles webring (external content)

Gemini request details:

Original URL
gemini://midnight.pub/posts/717
Status code
Success
Meta
text/gemini
Proxied by
kineto

Be advised that no attempt was made to verify the remote SSL certificate.