Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] External security Re: one vs many static IP addresses



> From: Discuss [mailto:discuss-bounces+blu=nedharvey.com at blu.org] On
> Behalf Of Rich Braun
> 
> It's 2016 and the whole concept of passwords for user auth is obsolete;
> they're hard to remember, don't get changed enough, and fairly easy to
> break.

*cough* 
There are very real weaknesses to using passwords, sure, but to say it's obsolete means you're living on a different planet.


> If you're relying solely on a memorized pass-phrase to access anything via a
> public IP address, you're not doing it right these days. Does this include
> you?

Seriously, what you just said is impossible. Even if you're using a password manager, or some type of cloud storage (something other than a USB fob) to keep some sort of private key with you at all times, backed up and safe from compromise by a pickpocket or mugger...

You have to login to your password manager with a password.

The right thing to do is memorize one really strong password, and use it to secure all your other randomly generated passwords.

PS. Something I'm working on right now is a cryptographic random sentence generator using small words (2-4 chars). Sentences like:

	ads have down if god fits last
	seas date max as air uses zone
	land tries fair and rock owns sign

These are easily memorizable, and about 40 bits each. Certainly strong enough to use in a password manager to protect against thugs. String a couple of them together and it would be strong enough to thwart sophisticated attacks, and if you string 3 of them together it would be sufficient to thwart a hostile government.



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org