On 2019.02.04 06:10, Nikos Chantziaras wrote:
On 04/02/2019 07:47, Dale wrote:
How do you, especially those who admin systems that are always being
hacked at, generate strong passwords that meet the above? I've
googled
and found some ideas but if I use the same method, well, how many
others
are using that same method, if you know what I mean. ;-) Just
looking
for ideas.
I don't use a password manager. For website logins, I just use the
password manager in the browser (Firefox), which does not use a
master password :-P I just assume my own system is not going to be
compromised.
For the websites I use, I generate a unique password per site using
this command:
$ pwmake 128
This generates a password using 128 bits of entropy from
/dev/urandom. You need dev-libs/libpwquality being installed (it's a
dep of something important, I think, so should be installed on most
systems already.)
For remote systems I administer through SSH, I don't use passwords. I
use a public/private key pair to log in (4096 bits.) My private key
is protected with a strong password though, but it's easy to remember
since it doesn't need to change. Something like:
ilp&mac4d@4*r
Which is short for:
I like pizza and macaroni for dinner at four star restaurants.
The problem I have with many of these suggestions is that I have
multiple devices (two desktops, two laptops, tablet, android phone) I
use sufficiently often that I either need to be able to remember the
passwords or have some way of easily accessing them when I'm not
sitting at my main desktop. Other than using a password manager (which
I do not currently have) how to others deal with this?
Jack