Stop resetting your passwords, says UK govt's spy network


Re: Bruce Schneier

I think it was about 20 years ago that I first read the advice to pick a good password and stick with it, probably from Schneier. I think the length of a "good password" has probably increased since then, but I believe the principle is the same. Pick something you can remember that is hard for others to guess, whether by brute force or by picking at your life details. For passwords I control, I use a strong multiword passphrase from a generator if I want to be able to remember it at the keyboard, and randomly generated strings in a cross-platform password manager for credentials I just want to be able to copy/paste. I turn on 2FA if it's available. I don't store passwords that I don't control in my manager, as I don't want that responsibility in the event my manager is somehow compromised. I read many analyses before picking a password manager program that had the features I want. I think I've achieved a balance of security and convenience that works for me.

(Note: I specifically am not commenting on which safe I use, since this is about security principles, not particular software implementations. Schneier wrote his own manager, and there are many others.)
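The two password styles the comment contrasts (a generated multiword passphrase versus a random string kept in a manager) can be compared on the same footing by counting entropy bits. The following is an added example, not code from the commenter or from any particular password manager; the small wordlist is constructed for illustration, and the 7776-word list size and the 10^10 guesses/second attacker rate are assumptions used only to put numbers on "how long a good password needs to be".

```python
import math
import secrets

# Constructed sample wordlist for the demo. Assumption: real passphrase
# generators draw from lists of several thousand words (7776 is a common size).
SAMPLE_WORDS = ["anchor", "basket", "candle", "dragon", "eleven", "forest",
                "garden", "hammer", "island", "jacket", "kettle", "lumber"]


def entropy_bits(pool_size: int, length: int) -> float:
    """Entropy of `length` symbols chosen uniformly from a pool of `pool_size`.
    A word drawn from a wordlist and a character drawn from an alphabet are
    both just symbols here, which is what makes the two styles comparable."""
    return length * math.log2(pool_size)


def generate_passphrase(words, count: int, sep: str = "-") -> str:
    """Pick `count` words with the CSPRNG in `secrets`, never `random.choice`."""
    return sep.join(secrets.choice(words) for _ in range(count))


def generate_random_string(alphabet: str, length: int) -> str:
    """Random string of the kind a password manager stores for copy/paste."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def words_needed(pool_size: int, target_bits: float) -> int:
    """Fewest words from a list of `pool_size` that reach `target_bits`."""
    return math.ceil(target_bits / math.log2(pool_size))


def chars_needed(alphabet_size: int, target_bits: float) -> int:
    """Fewest characters from an alphabet of `alphabet_size` for `target_bits`."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def expected_crack_seconds(bits: float, guesses_per_second: float) -> float:
    """Expected time to hit a uniformly chosen secret: half the keyspace."""
    return (2 ** (bits - 1)) / guesses_per_second


if __name__ == "__main__":
    # Assumed offline-guessing rate; the point is the comparison, not the figure.
    rate = 1e10
    for words in (4, 6, 8):
        bits = entropy_bits(7776, words)
        yrs = expected_crack_seconds(bits, rate) / (3600 * 24 * 365)
        print(f"{words} words from 7776: {bits:5.1f} bits, ~{yrs:.1e} years")
    print("passphrase:", generate_passphrase(SAMPLE_WORDS, 4))
    print("random string:", generate_random_string(
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789", 22))
```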

