Diffstat (limited to 'journal/Passwords.mdwn')
-rw-r--r-- | journal/Passwords.mdwn | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/journal/Passwords.mdwn b/journal/Passwords.mdwn index adbdd19..5708934 100644 --- a/journal/Passwords.mdwn +++ b/journal/Passwords.mdwn @@ -4,3 +4,13 @@ Passwords ========= <img src="passwords.png" alt="Graph: Y-axis: number of my own passwords compromised, X-axis: time. It's all like, none, none, none, then one, and then five. A sudden change!"> + +Thank you, [Have I been pwned?](https://https://haveibeenpwned.com/)! + +Although I'm only partially vulnerable to password reuse, and only on low-value domains, the spate of recent breaches that my own accounts have been involved in has motivated me to switch away from my very clever, strong personal algorithm (read: idiotic) to random machine generated passwords. + +Obviously random passwords are superior. I resisted them this long because of the problem of storage... I used to memorize all my passwords, and never write them down or store them ANYWHERE. My intuition was that this practice was much stronger than using a password manager of any kind... + +HOWEVER, that intuition is apparently incorrect due to a category error: the stored passwords are randomly generated, and the memorized passwords were algorithmically generated, and thus more vulnerable to reuse. Moreover, so far, the hashes (or cleartext!) of five or so of those memorized passwords have been disclosed. At that rate... I'll eventually be burned. + +Of course, the penalty for disclosure of my own password database is absolutely dire. I'm using yapet... Wish me luck! |
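Review bot: The link target in the added "Thank you" line has a doubled scheme, `https://https://haveibeenpwned.com/`, so the rendered link will not resolve to the site; it should be `https://haveibeenpwned.com/`. As a minor style point in the same hunk, "random machine generated passwords" reads better hyphenated as "machine-generated".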