this post was submitted on 14 Nov 2025

RPGMemes

Humor, jokes, memes about TTRPGs

Just got done investigating a spambot we had earlier, and it looks like they used a lot of compromised accounts on other instances to give their post an initial upvote boost. If you don't already, please remember to use a good strong password. Keeping your account secure helps reduce spam across the whole of Lemmy, and keeps your account from getting banned for things you didn't actually do.

I recommend Diceware! I use it in my professional capacity as an IT/Security person, and also you get to use your mathrocks!

EDIT: Oh, also, all that numbers-and-symbols shit is no longer considered good practice. Just make it a really long collection of random words, at least 12, ideally 16+ characters. And make sure the words are actually random; your 3 favorite sports teams aren't good enough, which is why I recommend diceware.
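The Diceware procedure the post recommends, as an added example (not part of the post, and not the Diceware project's own code): five d6 rolls select one word from a published list of 7776 entries, repeated for each word, and the entropy arithmetic explains why six random words beat a short "letters, digits and !@#$" password. The word list used below is a constructed placeholder covering every dice outcome; `parse_wordlist` reads the real "NNNNN<tab>word" files, and the 66-symbol alphabet and iteration counts are assumptions for the comparison.

```python
"""Diceware-style passphrase generation with a CSPRNG, plus the entropy
arithmetic behind "long random words beat short symbol soup".
Added example; the word list is a constructed placeholder, not the real
Diceware/EFF list."""
import itertools
import math
import secrets

DICE_PER_WORD = 5  # standard Diceware lists index words by five d6 rolls


def roll_key(rng=secrets.randbelow) -> str:
    """Roll five dice and return the Diceware lookup key, e.g. '31426'."""
    return "".join(str(rng(6) + 1) for _ in range(DICE_PER_WORD))


def parse_wordlist(text: str) -> dict:
    """Parse the published 'NNNNN<tab>word' format into a lookup table.
    Blank lines and '#' comments are skipped; malformed keys raise."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, word = line.split(maxsplit=1)
        if len(key) != DICE_PER_WORD or any(c not in "123456" for c in key):
            raise ValueError(f"bad dice key {key!r}")
        table[key] = word
    return table


def placeholder_wordlist() -> dict:
    """Constructed stand-in covering all 6**5 keys so the demo runs offline.
    In practice: parse_wordlist(open('eff_large_wordlist.txt').read())."""
    return {"".join(k): "w" + "".join(k)
            for k in itertools.product("123456", repeat=DICE_PER_WORD)}


def diceware_passphrase(table: dict, n_words: int = 6) -> str:
    """Pick n_words words by dice rolls. Uses `secrets` (CSPRNG), never `random`."""
    if len(table) != 6 ** DICE_PER_WORD:
        raise ValueError("word list must cover every five-dice outcome")
    return " ".join(table[roll_key()] for _ in range(n_words))


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of `length` uniformly random picks from `alphabet_size` symbols."""
    return length * math.log2(alphabet_size)


def compare_policies() -> dict:
    """Six Diceware words vs. the '8-12 chars of letters, digits and !@#$'
    policy from the thread (assumed 66-symbol alphabet). The must-contain
    rules only shrink the space further, so the policy numbers are upper bounds."""
    return {
        "diceware_6_words": entropy_bits(6 ** DICE_PER_WORD, 6),
        "random_8_of_66": entropy_bits(66, 8),
        "random_12_of_66": entropy_bits(66, 12),
    }


if __name__ == "__main__":
    words = placeholder_wordlist()
    print(diceware_passphrase(words))
    for name, bits in compare_policies().items():
        print(f"{name:18s} {bits:6.1f} bits")
```

Six words from 7776 come to about 77.5 bits, more than a fully random 12-character password under that policy (about 72.5 bits) and far more than an 8-character one (about 48 bits), and the words are the part a human can actually remember.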

top 35 comments
[–] GrayBackgroundMusic@lemmy.zip 29 points 5 days ago* (last edited 5 days ago) (2 children)

I like the CorrectHorseBatteryStaple methodology.

https://xkcd.com/936

[–] kieron115@startrek.website 11 points 5 days ago (2 children)

These are called passphrases, and yes, they tend to be way more secure, at least until quantum computers render all traditional cryptography meaningless.

[–] GrayBackgroundMusic@lemmy.zip 4 points 3 days ago (1 children)

until quantum computers render all traditional cryptography meaningless.

I'll cross that bridge when it actually happens.

[–] kieron115@startrek.website 2 points 3 days ago* (last edited 3 days ago)

You’ve got an estimated 10 years or so before quantum computers can crack all current encryption by using Shor’s algorithm.

One of the most important quantum computing algorithms, known as Shor's algorithm, would allow a large-scale quantum computer to quickly break essentially all of the encryption systems that are currently used to secure internet traffic against interception. Today's quantum computers are nowhere near large enough to execute Shor's algorithm in a practical setting, and the expert consensus is that these cryptanalytically relevant quantum computers (CRQCs) will not be developed until at least the 2030s.

[–] felbane@lemmy.world 0 points 4 days ago (1 children)

Well, good news then, because even throwing every quantum computer currently on the planet at it is not enough to factor 2048-bit RSA, and likely won't be in any currently alive human's lifetime.

[–] kieron115@startrek.website 3 points 4 days ago

Maybe with current quantum computers, but human technology tends to increase at an exponential rate so I doubt it will be long. Scientists are already trying to design post-quantum encryption for this very reason.

https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards

[–] sirblastalot@ttrpg.network 7 points 5 days ago (2 children)

Basically what diceware does. It's just that humans are really bad at picking random words ("banana" is over-represented, for instance); that's what diceware helps with.

[–] GrayBackgroundMusic@lemmy.zip 2 points 3 days ago (1 children)

I look around the room or think about what I'm doing. My username was made that way.

[–] sirblastalot@ttrpg.network 1 points 3 days ago

Not recommended. People can and do crib the kinds of things you're likely to have around you. It can narrow the field of guesses more than you'd think.

I used to use words from different vernaculars or languages. Sometimes I double check they are too abstract and weird to correct horse battery staple easily, just because I'm a contrarian asshole and that helps me remember. exquisitevibrattoacquittalbevelschaudenfreude

[–] eerongal@ttrpg.network 24 points 5 days ago (1 children)
[–] sirblastalot@ttrpg.network 11 points 5 days ago

This is what you get for making me admin, I've gone mad with power, muhahahahaha!

crimes o-o

[–] PugJesus@piefed.social 17 points 5 days ago (2 children)

My password is 'friend', should I change it? I feel like it keeps all the nasty visitors out while letting the good folk inside.

[–] Jeeve65@ttrpg.network 11 points 5 days ago

Some great mind took hours to break this password. Hours!

Spoiler: the pony survived!

[–] MajorMajormajormajor@lemmy.ca 6 points 5 days ago

A much more secure password is "Mellon". I've used it as a door code for ages, and nobody can guess it.

[–] tyler@programming.dev 14 points 5 days ago (1 children)

Random passwords are good practice; what isn't good practice is following specific password requirements like 10 characters, 1 uppercase, 1 symbol, because that reduces your search space. A 30 or 50 character password generated by your password manager is always the most secure option, the longer the better. I generate passwords that go to the maximum the service allows.

[–] KairuByte@lemmy.dbzer0.com 10 points 5 days ago (1 children)

“Password must be between 8 and 12 characters” 🤦🏻‍♂️

[–] cassandrafatigue@lemmy.dbzer0.com 7 points 5 days ago* (last edited 5 days ago) (1 children)

'Pass word1!

Oh, ' and spaces aren't allowed?

[–] festnt@sh.itjust.works 3 points 14 hours ago

we want you to have a secure password so we're only letting you use letters, numbers, and !@#$. nothing else. also, you have to use at least one of each, and it can only be 8 to 12 characters long. remember, we're doing this for your security!

[–] Aielman15@lemmy.world 8 points 5 days ago* (last edited 5 days ago)

Over the years, nobody has ever guessed my passwords, but four sites I was subscribed to were compromised and my email+password got leaked anyway.

The strongest chain and the weakest link...

[–] exu@feditown.com 12 points 5 days ago (2 children)

Just make one super strong password, use that to unlock your password manager and have it generate 30 character passwords for everything.

[–] sirblastalot@ttrpg.network 5 points 5 days ago (2 children)

Password managers are OK but I have hesitations on them personally. I'm leery of putting all my most high-value stuff in one place behind one password. What I do instead is memorize a truly unreasonable number of passwords, though, which I recognize is not a reasonable expectation for others. For threat models in which you're not worried about in-person attacks, it may actually be a good idea to just write your passwords down, maybe keep your password book in something with a lock on it. I'm not advocating for any particular method, just putting it out there so people can make an informed decision.

[–] implosive_sprig@beehaw.org 2 points 1 day ago

I use horse-battery-staple passwords for core stuff (unlocking my computer, bank stuff).

I use the password manager-generated passwords for everything that's in a browser.

[–] Quetzalcutlass@lemmy.world 5 points 5 days ago* (last edited 5 days ago) (1 children)

I'm leery of putting all my most high-value stuff in one place behind one password.

Password managers (at least the non-browser based ones) use methods provided by the OS to protect themselves from screen recording, direct memory reading and keyboard-sniffing. Most password managers can also be set up to require a keyfile and/or physical passkey to unlock their databases.

A keyfile stores data necessary for decryption separate from the password database and means someone couldn't get into your passwords even if your database was stolen and they knew the master password (assuming you stored your keyfile separate from the database - the file and its location should be treated like a password itself). A keyfile also lets you keep your database on cloud storage while manually transferring the key to trusted devices, allowing cloud syncing of your passwords without fear of leaks - without the keyfile it's all just random data.

A physical passkey makes it virtually impossible to breach the database unless someone steals the USB device, since it uses a challenge-response model and the data needed to spoof it should never leave the device.
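The composite-key idea in the comment above (master password plus keyfile), shown as an added example that is not the comment's or any password manager's real code: the unlock key is derived from both secrets, so a stolen database plus a known master password still produces the wrong key when the keyfile is missing. The PBKDF2 cost, the HMAC verifier and the sample inputs are constructed assumptions; real managers use their own KDF parameters and formats.

```python
"""Why a keyfile protects a password database even when the master password
is known: the unlock key = KDF(password) combined with hash(keyfile), so
either secret alone yields a different key. Added example; not any real
password manager's format or parameters."""
import hashlib
import hmac
import secrets
from typing import Optional

KDF_ITERATIONS = 200_000  # assumed PBKDF2 cost; real managers use Argon2 or higher


def derive_unlock_key(master_password: str, salt: bytes,
                      keyfile_bytes: Optional[bytes]) -> bytes:
    # Stretch the password first so brute-forcing that half stays expensive.
    stretched = hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                                    salt, KDF_ITERATIONS)
    # Hash the keyfile so any size of file contributes a fixed-size component.
    keyfile_part = (hashlib.sha256(keyfile_bytes).digest()
                    if keyfile_bytes is not None else b"")
    # Composite key: changing either input changes the result completely.
    return hashlib.sha256(stretched + keyfile_part).digest()


def make_verifier(key: bytes) -> bytes:
    """Stored next to the database so an unlock attempt can be checked
    without storing the key itself (HMAC over a fixed label)."""
    return hmac.new(key, b"database-unlock-check", hashlib.sha256).digest()


def try_unlock(master_password: str, salt: bytes,
               keyfile_bytes: Optional[bytes], verifier: bytes) -> bool:
    key = derive_unlock_key(master_password, salt, keyfile_bytes)
    return hmac.compare_digest(make_verifier(key), verifier)


def demo() -> dict:
    """Constructed scenario: the database (salt + verifier) is stolen, the
    attacker even knows the master password, but the keyfile stayed elsewhere."""
    salt = secrets.token_bytes(16)
    keyfile = secrets.token_bytes(64)          # constructed keyfile contents
    master = "correct horse battery staple"    # constructed master password
    verifier = make_verifier(derive_unlock_key(master, salt, keyfile))
    return {
        "password+keyfile": try_unlock(master, salt, keyfile, verifier),
        "password only": try_unlock(master, salt, None, verifier),
        "keyfile only": try_unlock("", salt, keyfile, verifier),
        "password+wrong keyfile": try_unlock(master, salt,
                                             secrets.token_bytes(64), verifier),
    }


if __name__ == "__main__":
    for scenario, unlocked in demo().items():
        print(f"{scenario:24s} -> {'unlocked' if unlocked else 'denied'}")
```

The keyfile is only worth something if it is stored apart from the database and the password, which is exactly the point the comment makes about treating the file and its location like a password.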

[–] sirblastalot@ttrpg.network 5 points 4 days ago (1 children)

I guess what I mean is, it's a single point of failure. Usually an extremely strong one, granted.

[–] nocturne@slrpnk.net 2 points 3 days ago (1 children)

And your memory is not a single point of failure?

[–] sirblastalot@ttrpg.network 2 points 3 days ago* (last edited 3 days ago) (1 children)

Well, no, not really. If I forget a password I've only lost access to the one site, and it's recoverable. Just a partial failure. Not going to lose everything unless I literally die, in which case I don't care about anything anymore. And no one is going to breach my brain short of tying me to a chair, and that's not really my threat model.

[–] nocturne@slrpnk.net 0 points 3 days ago

Gotcha, the boomer method. 👍

[–] Archpawn@lemmy.world 4 points 5 days ago (1 children)

Ideally all lowercase letters to make them easy to type when you need to use them on another device. Unfortunately, a lot of places don't allow that, preferring less secure and more inconvenient passwords.

[–] festnt@sh.itjust.works 1 points 14 hours ago

30 characters? you don't need that, we only let you use up to 10. also yes you have to have at least one lowercase letter, uppercase letter, number and a symbol (which can only be !, @, #, or $). we're doing this for your security, of course

[–] kieron115@startrek.website 7 points 5 days ago

Horse: "That's a battery staple."

Man: "Correct!"

[–] elvith@feddit.org 3 points 5 days ago

Also: Reminder to enable 2 factor authentication, if you haven't.

[–] nocturne@slrpnk.net 3 points 5 days ago (1 children)

Diceware is a password locker?

[–] sirblastalot@ttrpg.network 3 points 5 days ago (1 children)

Diceware is a method of generating random memorable passwords.

[–] nocturne@slrpnk.net 1 points 5 days ago

I would suggest a password locker rather than just a generated passphrase.