undefined | Better HN

0 pointsjermaustin18y ago0 comments

If you can remember it that means you need to change it! I refuse to look at any of my generated passwords. For the services that wont let me paste in, I have a macro that will type whats on my clipboard. Just a simple auto IT script with a WAIT (so I can make sure I focus on the input box) and SEND.

My password manager also clears the clipboard if it is equal to the last password copied after a wile (I've never timed it).

0 comments

SamBam8y ago

> If you can remember it that means you need to change it! I refuse to look at any of my generated passwords.

I'm trying to understand the reasoning for this. Are you dealing with very sensitive information that you have a real reason to fear the rubber-hose cryptanalysis method?

syncsynchalt8y ago

More because you'll develop a resistance to changing the password, since you'll have to start over on memorizing the new one.

dainichi8y ago

AFAIK the benefit of changing passwords regularly is highly debatable anyway. If so, I think "Don't change it, since you would have to memorize the new one" is more logical advice.

moosingin3space8y ago

This is a good point, and part of the problem with the way the average computer user (and far too many above-average users) treat their passwords.

jermaustin1OP8y ago

As a consultant, I have been given access to a lot of passwords for clients. From corporate bank accounts to production servers at government agencies. So they are very sensitive, and when my contract is up, I delete the password folder for that client. I started doing that with clients, then eventually ended up continuing it to my personal passwords as well.

SamBam8y ago

You talked about not even looking at generated passwords, which is different from client's passwords. That's the part I didn't understand.

Although, honestly, the other part seems more bizarre. Gov't agencies and other clients are just giving you their sensitive passwords, and trusting you to delete them after the project, at your leisure? How is that not terrible security? Revoking a consultant's security needs to be in the hands of the employers.

1 more reply

mark-r8y ago

For those not familiar with the rubber-hose method: https://xkcd.com/538/

SamBam8y ago

Personally, I always thought the phrase ought to be "brutish-force cracking," like "brute force", but that's just me...

j / k navigate · click thread line to collapse

0 pointsjermaustin18y ago0 comments

My password manager also clears the clipboard if it is equal to the last password copied after a wile (I've never timed it).

0 comments

SamBam8y ago

> If you can remember it that means you need to change it! I refuse to look at any of my generated passwords.

I'm trying to understand the reasoning for this. Are you dealing with very sensitive information that you have a real reason to fear the rubber-hose cryptanalysis method?

syncsynchalt8y ago

More because you'll develop a resistance to changing the password, since you'll have to start over on memorizing the new one.

dainichi8y ago

AFAIK the benefit of changing passwords regularly is highly debatable anyway. If so, I think "Don't change it, since you would have to memorize the new one" is more logical advice.

moosingin3space8y ago

This is a good point, and part of the problem with the way the average computer user (and far too many above-average users) treat their passwords.

jermaustin1OP8y ago

SamBam8y ago

You talked about not even looking at generated passwords, which is different from client's passwords. That's the part I didn't understand.

1 more reply

mark-r8y ago

For those not familiar with the rubber-hose method: https://xkcd.com/538/

SamBam8y ago

Personally, I always thought the phrase ought to be "brutish-force cracking," like "brute force", but that's just me...

j / k navigate · click thread line to collapse