Comments on: Use A Good Password Generator https://pthree.org/2018/04/19/use-a-good-password-generator/ Linux. GNU. Freedom. Tue, 17 Jul 2018 15:53:18 +0000 hourly 1 https://wordpress.org/?v=5.0-alpha-43320 By: Peter https://pthree.org/2018/04/19/use-a-good-password-generator/#comment-275644 Sun, 15 Jul 2018 15:00:40 +0000 https://pthree.org/?p=4976#comment-275644 Thanks for the very interesting page about password generation!

I'm chasing online for a pw generator to put in the hands of our users, but all I found so far is missing something. Gets the feeling that you would be the man to create the dream generator based on Stanford password policy and Diceware wordlists, generating four passwords to choose from:

9-11 characters containing mixed case letters, numbers and symbols.
12-15 characters (3 words) with mixed case letters and numbers.
16-19 characters (words) with mixed case letters.
20+ characters with just lowercase words.

Think many happily would pay to get it on their intranet. Right?

]]>
By: Bo Kersey https://pthree.org/2018/04/19/use-a-good-password-generator/#comment-274902 Wed, 13 Jun 2018 20:15:45 +0000 https://pthree.org/?p=4976#comment-274902 Aaron, as always your articles are informative, fairly concise and you do a great job of making the complex easier to understand.

one typo that I found..... s/eded/ed/ over the page and you'll fix it 🙂

Cheers!

]]>
By: Alexander Boese https://pthree.org/2018/04/19/use-a-good-password-generator/#comment-274892 Wed, 13 Jun 2018 03:09:12 +0000 https://pthree.org/?p=4976#comment-274892 I created a password generator tool that uses cryptographically secure hashes for generation. Would you mind looking at it, and giving me feedback. If you think it's any good, I can share the generation code, though I'm trying to get more reviews prior to releasing as open source.

DyfynderX on iOS

Thank you.

-Alex Boese

]]>
By: guest https://pthree.org/2018/04/19/use-a-good-password-generator/#comment-274609 Sun, 27 May 2018 17:52:36 +0000 https://pthree.org/?p=4976#comment-274609 I'd definitely suggest looking at https://bitbucket.org/ligos/readablepassphrasegenerator/wiki/Home 's idea of Readable Passphrases, which generates a syntactially valid (nonsense) sentence. It's my personal favorite that I've seen -- I find them EXTREMELY memorable, and I'd like to see more people use that.

]]>
By: Michal from hp.pl https://pthree.org/2018/04/19/use-a-good-password-generator/#comment-274356 Sun, 13 May 2018 16:47:02 +0000 https://pthree.org/?p=4976#comment-274356 To be honest never thought about it this way. Reffering to WordPress sites, I used brute-force protection provided by premium extensions and a key weification tool, that forbid using weak passwords. Whats more I blocked countries known from their source of common attacks and developed a policy of auto-ban repeating offenders.

I'm programist but need to escalate the topic. Thanks!

]]>
By: Michael https://pthree.org/2018/04/19/use-a-good-password-generator/#comment-274252 Thu, 03 May 2018 14:49:41 +0000 https://pthree.org/?p=4976#comment-274252 How about adding keepass to your chart

]]>
By: xeni https://pthree.org/2018/04/19/use-a-good-password-generator/#comment-274156 Wed, 25 Apr 2018 07:08:14 +0000 https://pthree.org/?p=4976#comment-274156 The more random and mixed-up you make it, the harder it is for others to crack. Mind you, if your password is compromised, the password crackers will even take over your identity.

I wrote an article on Best Passwords to use
http://quotidianotips.com/passwords/

]]>
By: Conor https://pthree.org/2018/04/19/use-a-good-password-generator/#comment-274148 Mon, 23 Apr 2018 20:48:39 +0000 https://pthree.org/?p=4976#comment-274148 Thanks for taking the time to conduct this research and then share it with the community!

I see LastPass and Dashlane in the spreadsheet, but not 1Password or Keeper. Any chance you'd consider reviewing them and adding them to the spreadsheet?

]]>
By: Adrien https://pthree.org/2018/04/19/use-a-good-password-generator/#comment-274144 Mon, 23 Apr 2018 18:53:44 +0000 https://pthree.org/?p=4976#comment-274144 For Server vs. Client Generation, you can use something like uMatrix for Firefox, and disallow any XHR for the page. In this case, the JavaScript can do a lot, but not communicate with a remote server.
Unless there is some unknown avoidance method I'm not aware of.

]]>
By: guest https://pthree.org/2018/04/19/use-a-good-password-generator/#comment-274143 Mon, 23 Apr 2018 16:28:00 +0000 https://pthree.org/?p=4976#comment-274143 1. Block range not used IP and system processes with firewall.
2. Track own internet connection, for example from with own router.
And from own computer.
You will see tightness firewall and which process use your internet.
3. If you can, use gpg key, this is password but longer.
GPG key can be stolen, but password also. You can enable the system notification if the key is used. But to make sense, you need to protect the system from editing system files.
4. If you can, keep track of when your password is used. Because password and key does not give safety. Security gives only the address when it can only be yours and when nobody can use your computer for use your address.
For example:
When you write in chat,
someone may impersonate a friend.
When you call to friend on the phone,
even if someone else takes over the phone you will recognize him, in a voice. Because usually you know his voice very good and often also from real life. From chat, if this is not with video and sound, what you will see ? Tahoma or other font, which use 1 billion people or more ?

]]>