Doesn't the master passphrase require physical control of my device to be useful?
Replying to @Pinboard
'We reserve the right to search your electronic devices at a border crossing' combined with <any large breach with your reused password>
2 replies 0 retweets 0 likes -
Replying to @durumcrustulum
I'm not trying to be difficult, but I think this is a hard thing to ask for usability by regular humans. Safely crossing borders is a different animal, and I think better served with a travel mode
1 reply 0 retweets 1 like -
Replying to @Pinboard
I have...three passwords (plus two pins) that I have memorized and chose rather than were randomly generated. Given that one of them is my master password, I don't find that particularly burdensome.
1 reply 0 retweets 0 likes -
Replying to @durumcrustulum @Pinboard
If you really _really_ can't come up with something fresh for your pw manager's master pass, fine do whatever clever permutation of child's name and birth year (but with numbers instead of vowels!) that you will actually use and remember, just try to make it somewhat different.
1 reply 0 retweets 0 likes -
Replying to @durumcrustulum
There are issues with that, like the passphrase chosen for a laptop being excessively cumbersome to type on a phone keyboard because the vowels are numbers. (I'm not making these up, this is drawn from all the ways I failed to get regular people to use password managers)
2 replies 0 retweets 2 likes -
Replying to @Pinboard
(Was my sarcasm not clear? You can do the numbers for vowels thing but that is definitely a known mutation in password crackers.)
1 reply 0 retweets 0 likes -
Replying to @durumcrustulum
I missed it, I'm sorry. I genuinely don't get why password crackers are a consideration in the master passphrase for a password manager. You cited the example of crossing borders, but that seems very specific to me. I apologize if I'm being dense.
1 reply 0 retweets 1 like -
Replying to @Pinboard
I figure, you are choosing the combo for your safe, probably one you won't change for a long time, and this one-time, high-value decision is improved if it's not a value you've already spread all over the world associated with your identity.
1 reply 0 retweets 0 likes -
Replying to @durumcrustulum @Pinboard
It's better to use a password manager with a meh password than not at all, but if you can swing it, please choose a decently long passphrase you haven't been using lots of other places to secure it.
1 reply 0 retweets 0 likes
This makes total sense to me. But I think a place it collides in my head is, I try to ease people on to password managers very gradually, so there is no one big decisive step. Choosing a very secure, never used before, master passphrase feels like that. It's a tension
Replying to @Pinboard
It is a tension, I give you that. For me the on-ramp was using the Chrome password manager and syncing those, then migrating to 1Password, and basically equivocating my new master password with my GMail/Google password/Chrome password in importance.
0 replies 0 retweets 0 likes