On Mon, 2017-06-19 at 00:17 -0700, Joe Zeff wrote:
> On 06/18/2017 08:21 PM, Tim wrote:
> > I completely agree, it's just as impossible to guess that a password is
> > "$#DfSGxS" than "sickturtlepyjamas", and I know which one is easier to
> > remember and type. With the peculiar password rules, I have no choice
> > but to do the insecure and write down passwords somewhere (whether
> > that's on paper or on file). You're not supposed to write passwords
> > down anywhere.
>
> I may have mentioned this before, but I have a friend who uses (roughly)
> ThisIsAVeryVeryLongPassword for his WiFi, on the grounds that it's just
> as hard to guess as the type of gibberish that most security "experts"
> recommend, and a lot easier to remember.

The problem with many of these "rules" is that they don't apply universally. A password suitable for a banking site is one thing, and a password for your home Wifi network is another. Never write down the first one (use a password manager), but feel free to write down the second one and keep it in a drawer. And where possible, use your router to configure a guest network with a different password and more restricted access for those times when you have visitors.

I have a number of bank accounts in several countries (for perfectly legitimate reasons, I hasten to add) and in my experience each bank has its own rules which as often as not mitigate *against* good security practice, e.g. forcing you to change the password every 3 months (which invites password1, password2, password3 ...) or having their own peculiar Javascript which blocks you from using a password manager. One of them even disallows cut-and-paste, which tempts the user to have a password simple enough to remember and type by hand.

poc