[NBLUG/talk] How do you handle physical device passwords?

Robert Thille rthille at gmail.com
Mon May 8 11:50:05 PDT 2017


My computers get a "memorable" password generated by Apple's Keychain
Access Password Assistant:

[image: Inline image 1]
And then I have ssh keys which have a long passphrase, or are stored in my
Yubikey.

On Sun, May 7, 2017 at 3:25 PM, Allan Cecil <allan at nblug.org> wrote:

> In advance of Kyle's talk on Tuesday I was curious what practices other
> NBLUG folks follow with physical access passwords, i.e. passwords that you
> have to type frequently to gain access to a local PC or other personal
> device.  Since it's a password that you'll be typing often you generally
> want a password that is easy to type but that is often at odds with good
> security practices.  I'm seriously doubting my own methods after attending
> the Thotcon security conference this past week.  Obviously, don't give up
> anything secret or sensitive here, but how do you handle passwords that by
> their nature can't be in a password manager and have to be typed frequently?
>
> This is probably a discussion for after Kyle's talk but it's been on my
> mind and I didn't want to wait.  Thanks for your thoughts!
>
> A.C.
> ******
> President, North Bay Linux Users' Group
>
> On 04/18/2017 03:05 PM, Allan Cecil wrote:
> > Topic: Sex, Secret and God: A Brief History of Bad Passwords
> > When: Tuesday May 9th, 7:30 PM to 9:00 PM
> > Speaker: Kyle Rankin
> >
> > Location: O'Reilly Media, Sebastopol CA in the Tarsier conference room
> > past the metal statue and to the right ( http://nblug.org/locations )
> >
> > Description:
> > Most of what we've been told over the years about what makes a good
> > password has been wrong, so it's no surprise most people pick bad
> > passwords. This talk will cover the history of password policy and password
> > cracking starting from the days when Richard Stallman hacked the passwords
> > forced on his MIT computer lab because he considered passwords an
> > authoritarian method of control. Next I'll discuss the golden days of
> > password guessing featured prominently in movies like Hackers and WarGames.
> >
> > Then I'll move to the tech boom and the introduction of draconian IT
> > policies like password rotation and password complexity and the dirty
> > little leet-speak password secrets they led to. As we get closer to the
> > modern day I'll discuss the "correct horse battery staple" password
> > renaissance and more modern approaches to password cracking spawned by
> > tools like oclhashcat and giant password database dumps like the RockYou
> > hack.
> >
> > I'll finish up with modern attempts to fix the password auth problem such
> > as new approaches to secure password generation in password managers or
> > schemes such as diceware as well as cover password auth reinforcements like
> > the different forms of 2FA (including U2F) and Facebook's new approach to
> > "I forgot my password" workflows. By the end everyone should have plenty of
> > ammunition to take back to their IT department and get rid of those
> > horrible password policies.