Subj : Re: Determining Password Strength
To   : warmfuzzy
From : poindexter FORTRAN
Date : Thu Apr 09 2020 11:47:00

-=> warmfuzzy wrote to All <=-

 wa> I am relaying this information because I think it will be useful for
 wa> you.  If you have things like this that you come across, please write
 wa> about it here.

This might be a good opportunity to talk about password storage security - 
what are you all doing?

I'm using Keepass v.2 on my desktop, storing the password file on Google 
Drive - that way I can get to it from my Android phone and from my desktops 
(Linux and Windows).

What I love about it is being able to generate passwords based on length and 
complexity. I used a default password for a long time, and after the Yahoo 
breach, set out to change every password that used my default password. (it 
wasn't my Yahoo! password, the Yahoo! breach was just the inspiration)

I'm frustrated by sites that impose retrictions on password complexity. I've 
had sites complain about 20 character passwords, sites that allow some 
special characters and not others, sites complain about 3 consecutive 
letters when picked at random, and so on.

I don't think that anyone is going to use a password cracker on an encrypted 
password leaked from cheapelectronicsfromchina.com these days, they're more 
likely to buy a password list for pennies per thousand on the web and look 
for compromised credentials that were re-used.

So, let me use my long, unique password!


.... If it isn't broken, I can fix it.
--- MultiMail/XT v0.52
 * Origin: http://realitycheckbbs.org (700:100/20)

.