From 6fd065292966439741673dd9f6ea10644fc3e1dd Mon Sep 17 00:00:00 2001 From: sebboh Date: Thu, 22 Sep 2016 09:18:01 -0700 Subject: --- journal/Passwords.mdwn | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/journal/Passwords.mdwn b/journal/Passwords.mdwn index adbdd19..5708934 100644 --- a/journal/Passwords.mdwn +++ b/journal/Passwords.mdwn @@ -4,3 +4,13 @@ Passwords ========= Graph: Y-axis: number of my own passwords compromised, X-axis: time. It's all like, none, none, none, then one, and then five. A sudden change! + +Thank you, [Have I been pwned?](https://https://haveibeenpwned.com/)! + +Although I'm only partially vulnerable to password reuse, and only on low-value domains, the spate of recent breaches that my own accounts have been involved in has motivated me to switch away from my very clever, strong personal algorithm (read: idiotic) to random machine generated passwords. + +Obviously random passwords are superior. I resisted them this long because of the problem of storage... I used to memorize all my passwords, and never write them down or store them ANYWHERE. My intuition was that this practice was much stronger than using a password manager of any kind... + +HOWEVER, that intuition is apparently incorrect due to a category error: the stored passwords are randomly generated, and the memorized passwords were algorithmically generated, and thus more vulnerable to reuse. Moreover, so far, the hashes (or cleartext!) of five or so of those memorized passwords have been disclosed. At that rate... I'll eventually be burned. + +Of course, the penalty for disclosure of my own password database is absolutely dire. I'm using yapet... Wish me luck! -- cgit v1.2.3
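Review bot: the link target in the added "Thank you" line has a doubled scheme, `https://https://haveibeenpwned.com/`, so the rendered link will not resolve; it should read `https://haveibeenpwned.com/`. The Subject header is also empty, so this commit lands with no message; a one-line summary of the journal addition would make the history readable.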