@gabe_sky
Great idea, thanks! Bookmarked.

As chance would have it, I also built another useful thing, way back in 2015:

https://batterystaple.pw/ - generates secure #Passphrases entirely in your browser

Like you, I built it because I was not happy with the existing alternatives. Since then, I have been using it quite regularly, but I have no idea if anybody else uses it (nor a way to find out).

In any case, I will gladly continue to pay for the domain name!

battery staple

Use strong, unique passphrases.
Passphrases are easier to remember and harder to crack.
#Passphrases #PasswordStrength #Authentication
@evangreer @fightforthefuture.org @bsky.app @guardianproject @internetarchive @torproject @signalapp @session @simplex @freedomofpress @eff @privacysafe
🔐 #PrivacySafe Bot: Strong #passwords made simple.
Whether you’re setting up devices and user access ahead of time or recovering from a breach, get cryptographically strong passwords & #passphrases — right in your browser, on your device, never stored on a server.
https://bitsontape.com/p/password-bot-security
🤩 Announcing: PrivacySafe Bot - Easily Create Secure Passwords

PrivacySafe Bot is the latest of our privacy tools to add to your belt

Bits On Tape

So what kind of policy framework do I have at my org? Goal is AAL2 per NIST 800-63B. Keep in mind, at least for the next decade or so still, passwords are not going anywhere - they are the last line of authentication while the world transitions to #passwordless

- Encrypt everything, everywhere, all the time
- VPN tunnels everywhere
- PW policy that enforces a minimum of 13 complex characters for passwords (passphrases are evangelized heavily) + mandatory MFA via an Authenticator app + 365-day rotation policy (unless someone phishes their credential or it comes up on a #darkweb monitor) + 30-day token expiration. We do have filtering to prevent anyone reusing old passwords or common passwords (no, I don't pay for it, you can integrate with AD directly with some clever #powershell, #jfgi).
- For our admin accounts, we require #passphrases of at least 4 words (7 are recommended), using the diceware method (physical, not a website). PW rotation occurs every 180 days. Tokens expire every 24 hours.
- Service accounts (where we cannot use auto-cycling API tokens) require a minimum 24-character very complex password or 4-word passphrase, as MFA is required to be disabled. PW rotation occurs every 180 days.
- Awareness training every quarter for high-risk/high-exposure employees, annually for the rest of the company. I update my presentation facts, data, and reported metrics frequently based on OSINT, SIGINT, HUMINT, research, and constant education.

#BeCyberSafe #StayCyberAware

"The challenge in storing encrypted backup data is that strong encryption requires strong (or “high entropy”) cryptographic keys and passwords. Since most of us are terrible at selecting, let alone remembering strong passwords, this poses a challenging problem."

#MatthewGreen, 2020

https://blog.cryptographyengineering.com/2020/07/10/a-few-thoughts-about-signals-secure-value-recovery/

This isn't as hard as people seem to think;

https://xkcd.com/936/

What's missing is education, including replacing "password" with "passphrase".

#passwords #passphrases #XKCD

Why is Signal asking users to set a PIN, or “A few thoughts on Secure Value Recovery”

Over the past several months, Signal has been rolling out a raft of new features to make its app more usable. One of those features has recently been raising a bit of controversy with users. This i…

A Few Thoughts on Cryptographic Engineering

No, NCSC¹, passphrases of only three (or even four) random words are not sufficient - unless the user knows that the password hashing method is a "slow" one (bad for the attacker). Which is rarely guaranteed.

10²⁵ combinations -- six words from a pool of 20K words, or five words from a pool of 100K words -- should be considered the minimum.

¹https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/three-random-words

#Passphrases
#PasswordCracking

Three random words

Combine three random words to create a password that’s ‘long enough and strong enough’.
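The arithmetic behind the minimum stated in the post above (pool size raised to the number of words, compared against 10²⁵, with the hashing speed deciding what that number buys you), as an added example that is not part of the original post. The word list and the two attacker guess rates are constructed, illustrative assumptions.

```python
import math
import secrets

# Constructed sample list; a real diceware list has 7776 words, and the
# post's pools are 20K and 100K words. Only the pool SIZE matters for strength.
SAMPLE_WORDS = ["battery", "staple", "correct", "horse",
                "orbit", "lantern", "quartz", "meadow"]

# Post's stated minimum number of equally likely passphrases.
MINIMUM_COMBINATIONS = 10**25

# Assumed attacker rates (illustrative, not measured): a fast unsalted hash
# on a GPU rig versus a slow, memory-hard hash such as Argon2/bcrypt.
FAST_HASH_RATE = 10**12   # guesses per second
SLOW_HASH_RATE = 10**4    # guesses per second


def combinations(pool_size: int, words: int) -> int:
    """Keyspace of a passphrase: each word drawn uniformly from the pool."""
    return pool_size ** words


def entropy_bits(pool_size: int, words: int) -> float:
    """Same quantity expressed in bits: words * log2(pool_size)."""
    return words * math.log2(pool_size)


def meets_minimum(pool_size: int, words: int) -> bool:
    """Does the keyspace reach the post's 10^25 floor?"""
    return combinations(pool_size, words) >= MINIMUM_COMBINATIONS


def expected_crack_years(pool_size: int, words: int, rate: int) -> float:
    """Expected search covers half the keyspace before hitting the target."""
    seconds = combinations(pool_size, words) / 2 / rate
    return seconds / (365.25 * 24 * 3600)


def generate_passphrase(words: int, wordlist=SAMPLE_WORDS, sep: str = " ") -> str:
    """Draw words with the OS CSPRNG (secrets), never random.choice."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


if __name__ == "__main__":
    for pool, n in [(7776, 3), (7776, 4), (20000, 6), (100000, 5)]:
        print(f"{n} words from {pool}: {entropy_bits(pool, n):.1f} bits, "
              f"meets minimum: {meets_minimum(pool, n)}, "
              f"fast hash: {expected_crack_years(pool, n, FAST_HASH_RATE):.2e} y, "
              f"slow hash: {expected_crack_years(pool, n, SLOW_HASH_RATE):.2e} y")
    print(generate_passphrase(4))
```

Three diceware words are cheap to search when the hash is fast, roughly a year when it is slow, which is exactly the "unless the user knows the hashing method" caveat in the post.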

The 2024 update to the Hive Systems password table was published recently and is being widely shared again.

Unfortunately, Hive Systems treats the topic of passphrases completely inadequately, so we took this as an occasion to update our own passphrase table.

Details in the comments. ⬇️

#passwords #passphrases #security #passwordSecurity #passphraseSecurity #diceware

The topics in detail:

- History and basic functions of the password
- cultural vs. pseudo-randomised #Authentifizierung (authentication)
- #Komplexitätsregeln (complexity rules) and why short passwords are bad
- multi-word #Passphrases
- culturality of passwords
- #Forschungsethik (research ethics) in password research
- Good practice: generating, memorising and storing passwords
- the #Passwort (password) and alternative authentication methods

https://www.tuwort.com/index.php/2024/04/16/tuwort-spezial-8-das-passwort-mit-tobias-dussa/

tuwort spezial #8: The Password

In this special episode of the Tuwort podcast, Joachim talks with Tobias Dussa, team lead for Cyber Threat Intelligence, about the function, form and handling of passwords.

- Passwords vs. words in natural languages
- Introduction of Tobias Dussa, Cyber Threat Intelligence, CERT
- History of the password and its basic functions (authorisation, authentication), cultural vs. pseudo-randomised authentication
- Types of passwords, complexity rules, short vs. long passwords and why long ones are better, brute-force attacks, randomised vs. non-randomised passwords
- How do you measure the quality of passwords?
- Are multi-word passphrases better? Research practice and research ethics in password research
- Culturality of passwords
- Good practice: generating, memorising and storing passwords
- Common fails and social engineering
- Alternative authentication methods and the future of the password
- Fun with passwords

tuwort