author sebboh <sebboh@web> 2016-09-22 09:18:01 -0700
committer doer <iki-doer@www.fairlystable.org> 2016-09-22 09:18:01 -0700
commit 6fd065292966439741673dd9f6ea10644fc3e1dd (patch)
tree 0629bff286faeccdec324e66d8889f0d2a738594
parent d974829c4fb1dba18995a54979e3558679d7e8f8 (diff)
-rw-r--r-- journal/Passwords.mdwn 10
1 files changed, 10 insertions, 0 deletions
diff --git a/journal/Passwords.mdwn b/journal/Passwords.mdwn
index adbdd19..5708934 100644
--- a/journal/Passwords.mdwn
+++ b/journal/Passwords.mdwn
@@ -4,3 +4,13 @@ Passwords
=========
<img src="passwords.png" alt="Graph: Y-axis: number of my own passwords compromised, X-axis: time. It's all like, none, none, none, then one, and then five. A sudden change!">
+
+Thank you, [Have I been pwned?](https://https://haveibeenpwned.com/)!
+
+Although I'm only partially vulnerable to password reuse, and only on low-value domains, the spate of recent breaches that my own accounts have been involved in has motivated me to switch away from my very clever, strong personal algorithm (read: idiotic) to random machine generated passwords.
+
+Obviously random passwords are superior. I resisted them this long because of the problem of storage... I used to memorize all my passwords, and never write them down or store them ANYWHERE. My intuition was that this practice was much stronger than using a password manager of any kind...
+
+HOWEVER, that intuition is apparently incorrect due to a category error: the stored passwords are randomly generated, and the memorized passwords were algorithmically generated, and thus more vulnerable to reuse. Moreover, so far, the hashes (or cleartext!) of five or so of those memorized passwords have been disclosed. At that rate... I'll eventually be burned.
+
+Of course, the penalty for disclosure of my own password database is absolutely dire. I'm using yapet... Wish me luck!
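
Review bot: The link target on the added "Thank you" line has a doubled scheme, `https://https://haveibeenpwned.com/`, so the rendered link will not resolve to the site. It should read `https://haveibeenpwned.com/`. Separately, the last added paragraph names yapet without a link or a word on what it is; since the entry's point is the move to a password manager, a short description or link there would help readers who do not know the tool.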