Creating a Good Computer Password
What password should I use for my computer's user login? Obviously I don't have the ability to copy and paste from my vault when I'm unlocking my computer. And I want it to be something memorable and easy to type because I use it many times per day. Should I use my master password?
Comments
-
Not a good idea to use the same password.
Generally speaking, the computer password need not be as strong as the 1PW password. This is because it is pretty much true (not completely so) that the computer is only vulnerable to someone who has access to the machine and that they cannot speed up password cracking but have to enter a password each time.
But what's your situation? I live alone and my password is between 15 and 20 characters long, and I keep my computer unlocked most of the time, so only have to enter it at startup.Even just using my birthday as my password would not be very dangerous. But my 1PW master password is over 30 characters. Both use information that I have but that is not available on Facebook or the like (my first car could be an example, but is not) as part of the password, so as to make it easy for me to remember
Bot some people want to keep their computer safe from work colleagues, others want to be sure their children cannot access their account.
0 -
Hi @aiden.dj ,
I think @danco's already given you some pretty good advice here. In particular ... please don't re-use passwords, especially your Master Password.
However, the techniques that we recommend for creating a memorable Master Password can also be useful for creating other passwords that you may need to remember and type occasionally. The article Towards Better Master Passwords is a great read and discusses how to create Diceware passwords. I use Diceware for my Master Password, as well as my AppleID passwords.
0 -
May I use this topic for my question? I could use the comment-section of the "towards better master passwords" article (which is great by the way!), but comments there are pretty old and I'm afraid my question might not be seen anymore.
So what does AgileBits think of the "diceware anywhere" method for creating passwords? http://www.instructables.com/id/Diceware-Anywhere/
I like the idea! It seems even more random to me than the diceware-list. There is only one flaw I can think of: if I use a book with a three-digit page count, any page from 1 to 99 will not be used, since a dice will not show 0 ;) So a password-cracking-tool could use that, by knowing what NOT to look for. Of course I could just use one die less in some cases to take full advantage of the book.
The one thing I like most about this: there are only so many languages, therefore only so many diceware lists available. Maybe not for every language even! So cracking-tools only have to think of so many systems. Of course, it still takes them....how long? Well, very long. But still ;)
0 -
Hi @HomerJay,
So addressing your page flaw. I would say for the very first dice to subtract one from the value so it goes from 0-5. You don't alter the probability of any value using that simple linear transformation. What would affect the distribution is manually deciding every so often to roll one less dice as that adds a human element.
One issue I have with that approach though is the strength of a standard diceware password accounts for the word list being common knowledge. So it's strength is through all the possible permutations rather than the list of distinct tokens being a secret. Now if you pick a book at random what is the distribution of words? It won't be even; you would expect a lot of determiners or conjunctions e.g.
a,the,and,ifetc. and if you start manually excluding certain words you create a bias and that's bad too.That's why diceware works. It uses a list of unique words and the steps are there to ensure human bias doesn't weaken the strength of the resulting phrase.
I'm not trying to say diceware is the be-all and end-all of random phrase generation but you do have to be careful if you're going to tweak an approach.
0
