[Cryptography] Recommendations in lieu of short AES passphrases

Michael Kjörling michael at kjorling.se
Sat Sep 17 06:37:01 EDT 2016


On 16 Sep 2016 13:27 -0700, from jsd at av8n.com (John Denker):
> If you don't give users a password manager program, either they will
> forget one or more passphrases, or they will invent their own ad-hoc
> password manager, perhaps an index card in their wallet (which puts
> them at risk from muggers and pickpockets),

On the other hand, people are _far_ more likely to notice that their
wallet is missing than that someone has surreptitiously logged into
their e-mail or social media account. While I don't advocate the
trivial means of writing passwords down (see [1] for some actual
suggestions; feedback on that page welcome!), if someone _has_ to
write a password down for some reason, I'd rather it be on a piece of
paper kept in their wallet on their person, than on a post-it attached
to the keyboard or screen, or in a text file kept on their computer's
desktop!

 [1]: https://michael.kjorling.se/computers/passwords

-- 
Michael Kjörling • https://michael.kjorling.se • michael at kjorling.se
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)

