top | item 39139087


zwayhowder | 2 years ago

I use Diceware. 6 random words with alphanumeric padding. So basically the XKCD, but something like:

correct_2_horse_2_battery_2_staple. In my experience it doesn't take long to memorise the words.

I have two passwords I know off by heart, my password manager and my gmail (just in case). I also capitalise a certain letter in each word, but that pattern is in my head only.

I am of course lazy, so I use biometrics on my phone/tablet/laptop to minimise the need for entering my password. But I wouldn't if I still worked in a high risk industry.
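An added example, not from the post above: a minimal Python sketch of the Diceware-style scheme it describes (words chosen uniformly by dice roll, joined with a fixed separator such as `_2_`), together with the entropy arithmetic for the word choice. The twelve-word list is a constructed stand-in for the real 7776-word Diceware list; the function names are assumptions.

```python
import math
import secrets

# Constructed miniature word list; the real Diceware list has 7776 entries,
# one for each outcome of five six-sided dice (6**5).
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "anchor", "velvet",
                "quartz", "lantern", "meadow", "copper", "signal", "tundra"]
DICEWARE_LIST_SIZE = 6 ** 5  # 7776


def dice_to_index(rolls):
    """Map five dice values (1..6) to a 0-based index into a 7776-word list.

    This is the standard Diceware lookup: the five rolls form a base-6 number.
    """
    if len(rolls) != 5 or any(r < 1 or r > 6 for r in rolls):
        raise ValueError("need five dice values in 1..6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)
    return index


def entropy_bits(list_size, n_words):
    """Entropy from the words alone, assuming each is chosen uniformly.

    A fixed, predictable separator or padding adds nothing against an
    attacker who knows the scheme; only the uniformly random words count.
    """
    return n_words * math.log2(list_size)


def roll_word(words):
    """Pick one word with a CSPRNG (never random.choice for credentials)."""
    return words[secrets.randbelow(len(words))]


def make_passphrase(words, n_words=6, separator="_2_"):
    """Build a passphrase in the style of correct_2_horse_2_battery_2_staple."""
    return separator.join(roll_word(words) for _ in range(n_words))


def split_passphrase(passphrase, separator="_2_"):
    """Recover the word sequence from a passphrase built by make_passphrase."""
    return passphrase.split(separator)
```

Six words from the full 7776-word list give roughly 77.5 bits from the words alone; the same six words from the twelve-word sample list give only about 21.5 bits, which is why the size of the list matters as much as the word count.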


louwhopley | 2 years ago

What are your thoughts on keeping a separate Gmail password (one that's not stored in the password manager), vs keeping it inside the password manager?

Assuming the Gmail account is the core email behind the majority of services, so breaching that account would allow password resets on most other services.

4oo4 | 2 years ago

You probably want 2FA as a means of separation instead. Not storing it in your password manager makes it more likely to be a weaker password, since you have to manually type it in. However, keeping your TOTP codes separate from your password manager, or better yet using a Yubikey that can't be phished, means you get a long complex password that can autofill, but also means your Gmail can't be breached by your password manager secrets leaking alone. Also, aside from the idiocy and amateurism of LastPass, password manager breaches/leaks are rare, as long as it's well designed and you have a strong master password.