this post was submitted on 13 Mar 2024
1019 points (96.9% liked)
Memes
45889 readers
1688 users here now
Rules:
- Be civil and nice.
- Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Rainbow tables and presumably newer stuff I haven't heard of make this sort of thing weaker than it used to be
Yeah I thought about adding a note that it's pretty outdated - and dictionary based scans were always possible even if less common in the old days - like those infamous passwords "God", "Love", "secret", or like "admin".
The artist is pretty smart most of the time though so I presume they were aware of that possibility and meant that on a more basic level there are multiple ways to make passwords easier for a user to remember, not necessarily just this one rather simplistic take but as part of a whole approach. Then again, they didn't say that, and instead said this, thus the controversy.
Personally I gave up entirely and now I don't even know what any of my own passwords are, though my password manager does:-). I guess... if you cannot beat them, join them!?:-P
My current favorite "memorizable" method (obviously a random hash from a PW manager is still better) is to take a sentence of moderate complexity that includes the name of the service you're signing up for in it, and use the first letter of each word as your password.
For example, "When I wake up in the morning, the first thing I do is go to pawb.social."
Password would be "WIwuitm,tftIdigtps."
Easy to remember, immune to dictionary attacks, and you get a (mostly) unique password for each service, so stolen passwords can only access that one thing.
Edit: To be clear, the value is that you can use the same sentence everywhere, switching out the name of the service to generate semi-unique passwords for each service. Obviously someone analyzing your passwords would be able to figure out the pattern, but that's basically never what actually happens; it's more likely someone gets 1 password and tries your email address + that PW in a variety of services, which this is strong against.
I dunno, all I do is hit copy, then go to the website and hit paste, and that's pretty easy as well:-P.
I do need to step up my game for work though, b/c it keeps asking me a password multiple times a day so if I could rattle one off that would be better than having to open up my password manager and get it.