On Sun, 20 Nov 2016 14:36:54 -0600
Michael Catanzaro <mcatanz...@gnome.org> wrote:

> On Sun, 2016-11-20 at 12:29 -0700, Kevin Fenzi wrote:
> > One question: So, 6 months is long enough for you to use a longer
> > passphrase, but 1 week is not. Where is the line?   
> 
> I don't know. 6 months seemed good to me. What is the security goal
> here?

Well, this same ticket will hopefully be used to sign you into various
Fedora Infrastructure websites too at some point, so 6 months is way
too long for that IMHO. 

> > and Two suggestions: 
> > 
> > 1. Use a password manager? I recommend 'pass'; it's quite simple,
> > uses gpg and files in a git repo. Then your fas password is just a
> > 'pass -c fas' away.
> 
> I already use seahorse because I use Fedora Workstation. There's
> absolutely no way to use different passwords for different services
> without a password manager, so good thing it's built-in to our
> desktop. Does this new system have secret service integration? (I
> doubt it.)

Sure, use whatever you like. pass uses gpg, so if you are using
gnome-keyring it can cache your passphrase for you, but not sure what
other integration you mean. 

> > 2. Use a passphrase you can remember. Isn't:
> > 
> > My FAS password is long, but I can always, always remember it.!
> > 
> > easier to remember than some
> > 
> > jkas63opqp 
> > 
> > string? 
> > 
> > kevin  
> 
> I can't type half that many words without a typo or two, so that's
> going to be frustrating. ;) Why would somebody want to type that long
> thing rather than "2016sucked"?

Because it's much easier to remember and it's much less easy to crack.
You just typed this email without (at least any that I saw) typos. ;)

> Anyway, from 3 minutes of looking into Kerberos it's not clear to me
> whether password strength is actually important, and it is clear I'm
> not qualified to write about it, so I'll shut up now.

I'll stop here too. ;) 

kevin


_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org