Over time I am required to choose and use many passwords in different environments. Some on my computer where I could choose to use a password manager, but many on client systems where I may not even have online access and definitely can't plug in a storage device. Sometimes one cannot even bring in any auxiliary resources like a phone.

Question

Assuming that I don't want to use a password manager and have to select and use passwords manually, what would be a good system for this?

System constraints

Ideally the system should meet the following constraints:

1. It should give me a password for (nearly) any combination of password constraints (see below).
2. It should be comparatively easy to remember/recreate if I know the setting (and the date?!) and its constraints.
3. It should be secure against someone who knows the system (but not the input parameters).
4. It should be secure after I use the system in an insecure environment and the password used there may leak. I am not worried about someone knowing more than 1 leaked password.
5. Bonus: It would be nice if it was secure against someone knowing an old password.

Typical constraints in choosing a password (of course they vary per system):

- No symbols / at least n symbols from a limited set.
- Password must be changed periodically and does not match anything from last M periods.

I am not worried about only numeric passwords.

I tried to come up with systems, but have not found anything that meets all system constraints (or is good enough in general).

Just to show what a system could be like, I will mention this ridiculous example:

1. Keep adding the letter a, until the minimum character count is satisfied, for example aaaaaa.
2. Recursively change a character till the constraints are met, you could end up with aaaaA1.

This system will generate a password that can always match the requirements. Of course its strength can be horrible if you don't start with a random string. So this system would either fail system constraint 2 or 3.

I feel like this is not a strong system, but I believe it does get used in practice.

1. Choose a (hopefully strong) core, for example: securitystackexchange.
2. Tweak it to match the requirements, for example: Securitystackexchange01.

If you have a long core, it can typically lead to weak passwords when the max chars is limited.
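The two systems described in the question, written out as an added Python sketch (not part of the original post) so their outputs can be checked against a policy. `Policy` and its field names, the reading of the trailing `01` as a two-digit period counter, and truncating the core to fit `max_len` are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    """Constructed model of a site's password rules (field names are assumptions)."""
    min_len: int = 6
    max_len: int = 64
    uppers: int = 1
    digits: int = 1

def violations(pw: str, p: Policy) -> list[str]:
    """Names of the rules in `p` that `pw` still breaks."""
    found = []
    if not p.min_len <= len(pw) <= p.max_len:
        found.append("length")
    if sum(c.isupper() for c in pw) < p.uppers:
        found.append("uppercase")
    if sum(c.isdigit() for c in pw) < p.digits:
        found.append("digit")
    return found

def ridiculous_system(p: Policy) -> str:
    """Pad with 'a' to the minimum length, then change characters from the
    right until every rule passes. The only input is the policy."""
    fill = "1" * p.digits + "A" * p.uppers
    chars = ["a"] * max(p.min_len, len(fill))
    for offset, ch in enumerate(fill, start=1):
        chars[-offset] = ch
    return "".join(chars)

def tweaked_core(core: str, p: Policy, period: int = 1) -> str:
    """Capitalise the core and append a two-digit period counter.
    Truncating the core to fit max_len is an assumption of this sketch."""
    suffix = f"{period:02d}"
    body = core[: p.max_len - len(suffix)]
    return body[:1].upper() + body[1:] + suffix

if __name__ == "__main__":
    default = Policy()
    short = Policy(max_len=8)  # constructed example of a tight maximum length
    for pw, pol in [(ridiculous_system(default), default),
                    (tweaked_core("securitystackexchange", default), default),
                    (tweaked_core("securitystackexchange", short), short)]:
        print(pw, violations(pw, pol) or "meets policy")
```

The first function takes nothing but the policy, so its output is known to anyone who knows the system; with `max_len=8` the second keeps only six characters of the core.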