Some password advice from an infosec professional:

Good password hygiene means choosing a password that is hard to guess.

One that's hard to type. Hard to remember. Hard to think about. Hard to LOOK at.

A password that makes you feel disoriented, uncomfortable.

In short, your password should be a Cthulhu.

#passwords #PasswordHygiene #InfoSec

The very real difference, for me, between #Mastodon and #Twitter:

I found this joke in my Twitter archive. I posted it in 2020, and as I recall it got a couple retweets and a couple likes. No big deal.

I reposted it last night here, and it already has 147 boosts and 230 likes, plus tons of comments.

#TheAlgorithm did me no favors.

@maxleibman

Well I've got most of that but those last parts like uh just figuratively yeah?

@maxleibman Incorrect, your password should be C1hu!hu
@maxleibman I usually try to include either the Shoggoth emoji, or U+1f7d3 ELDRITCH GEOMETRY STRANGE ANGLE
@maxleibman I lose one point of SAN every time I type my master password.

@maxleibman this is terrible advice!

It shouldn't be hard to type, it should be impossible to type! A good password has no unicode below 100, no numbers, at least one letterlike symbol, an alchemical symbol, and ofc right angle with downwards zigzag arrow. The combination should summon a demon to your location, and if a character is misplaced the demon shall not be contained within the circle.

@quinn @maxleibman This is how I lost access to my CompuServe account.
@crypticinquiry @maxleibman ...but gained access to the unspeakable darkness?
@quinn @maxleibman That's the thing about the unspeakable darkness - I don't like to talk about it.

@quinn @maxleibman Problem is that most #password prompts I know struggle with anything beyond #ASCII - with some luck it'll be able to handle #ISO8859-15 with ÄÖÜ & ß as letters...

Also making #Emoji as passwords isn't really conducive since there is no good, useful and standardized way to enter these on a regular-ass keyboard.

Especially with modifiers...
I.e. How do you type
"White + Black nonbinary couple with Asian nonbinary Child" on a keyboard?!?

@quinn @maxleibman

Also no #PasswordManager supports it, and we might just end up with shitty passwords like:

 ๐Ÿ‘ ๐Ÿ† ๐Ÿ‘ ๐Ÿ’ถ ๐Ÿ’ฏ ๐Ÿ†— ๐Ÿ†’ โ€ผ๏ธ

@kkarhan @quinn @maxleibman It's 7 years old now, so might need an update but...

https://www.youtube.com/watch?v=lIFE7h3m40U

The Art of the Bodge: How I Made The Emoji Keyboard


@cabebedlam @quinn @maxleibman As much as I like @tomscott's #EmojiKeyboard, this ain't gonna work - period.

If it takes up more space than a 100% 122-key keyboard, even people like #Chyrosran22 and myself are checking out...

Most people won't even consider something that requires more than a 65% layout and more than a 3 button combo. [i.e. CTRL+ALT+X]...

@maxleibman better, passwords that can't abide to share a mind with one another ...
@maxleibman @cstross My password manager has an option for generating pronounceable passwords. The results _do_ sound like what you’re describing there. I wonder what’s the story behind that…

@maxleibman

Pshaw, I've been using p̵̚a̷̓s̸̑s̴͋w̵̑o̸͊r̷͛d̸̀1̷̓ my whole life and nobody has ever guessed it...

@maxleibman Langford’s Access Token?
@maxleibman reading the comments on this post crashed my phone and I’m not kidding. Mission accomplished?
@maxleibman I'm for creating a password that is a memetic that induces psychic distress....this sounds like some SCP shit.
@maxleibman I tried to make my password The Parrot but apparently it had too many angles...
@maxleibman So what's Nyarlathotep, chopped liver?
@maxleibman I mean, I wouldn't want to look at that ...

@maxleibman

Lacks any special characters and will be rejected.

Maybe “Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn”?

@maxleibman once you’ve seen them, you can use them in passwords. That’s why I always use fnordhunter2fnord
@maxleibman Better yet, it should be a Langford's basilisk
@maxleibman ::sets every password to "a Cthulhu"::
@maxleibman Your password must include:
1 lowercase letter
1 uppercase letter
1 numeral
1 punctuation mark
1 rune
1 angelic sigil
1 demonic glyph
1 non-printing character
1 aspect of Logrus
1 fragment of Pattern
1 page from Recherche du Temps Perdu
1 token smuggled from an adjacent reality
1 emoji (cannot be poop emoji)
1 terrible non-Euclidean geometry, seething with madness just under its outer skin
1 Chinese traditional
1 Chinese simplified
1 fart ghost
1 ghost fart
@log @maxleibman ...and a Shoggoth in a pear tree. 🎵

@maxleibman @donmelton my password should summon a great old one?

I mean, I guess I could create a Facebook account.

@maxleibman I don't know most of my passwords, my password manager does. Some of them are so huge they almost become certificates. Everywhere possible I add 2FA.
@maxleibman never spelled that correctly.
@Zeugs I’ve probably never pronounced it correctly. 🤷‍♂️
@maxleibman
That's easy: ˈχɬʊl.ɬuː
@maxleibman @tchambers
Done! I’ve changed all my passwords to “Cthulhu”.
@maxleibman got it. All my passwords from now on will be "Cthulu123" this I swear forever and always

@maxleibman

Here is my password generator!

@axnxcamr @maxleibman each ry'leh or fthagen is only 1 bit of entropy, you need about 94
@maxleibman But most websites don't accept passwords containing Old Enochian characters.
@habermas Do they not accept them for technical reasons, or out of fear of awakening the Great Old Ones?
@maxleibman I would guess it's primarily due to limited expertise of UI and Web security personnel. But [email protected] could provide an expert analysis.
@maxleibman +1d4 insanity points every time you log in
@maxleibman Funny, but unless this relevant xkcd is totally off, the advice is untrue: https://imgs.xkcd.com/comics/password_strength.png
@maxleibman I love that this is a joke from a few years back - because it's funny, but it's outdated advice!
@maxleibman In other words: use a decent password manager like Bitwarden or 1PassWord.
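An added example (my own code, not posted by anyone in the thread) putting numbers behind the "you need about 94 bits" reply and the xkcd comic linked above: it contrasts the naive character-class estimate that strength meters give a "Cthulu123"-style password with an attacker-model estimate, and shows how many uniformly chosen words a diceware-style passphrase needs. The 100k-word dictionary size and the toy wordlist are assumptions for the demo.

```python
# Added illustration of password-entropy arithmetic; not code from the thread.
import math
import secrets
import string

def charset_entropy_bits(password: str) -> float:
    """Naive brute-force estimate: length * log2(size of character classes used).
    This is what most strength meters compute; it badly overestimates a
    dictionary word with a digit suffix."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 ASCII punctuation marks
    return len(password) * math.log2(size) if size else 0.0

def pattern_entropy_bits(dictionary_size: int, n_digits: int, capitalised: bool) -> float:
    """Attacker-model estimate for 'Word123'-style passwords: one word from a
    dictionary of the given size, n_digits appended, optional initial capital.
    Counts only the choices an attacker actually has to try."""
    choices = dictionary_size * 10 ** n_digits * (2 if capitalised else 1)
    return math.log2(choices)

def passphrase_entropy_bits(n_words: int, list_size: int) -> float:
    """Diceware-style passphrase: each word is an independent uniform pick."""
    return n_words * math.log2(list_size)

def words_needed(target_bits: float, list_size: int) -> int:
    """How many words from a list of this size reach the target entropy."""
    return math.ceil(target_bits / math.log2(list_size))

def make_passphrase(wordlist: list, n_words: int) -> str:
    """Uniform, CSPRNG-backed word selection (secrets, never random)."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))

# Constructed toy wordlist for the demo; a real diceware list has 7776 words.
TOY_WORDS = ["correct", "horse", "battery", "staple", "cthulhu", "rlyeh", "fhtagn", "shoggoth"]

if __name__ == "__main__":
    print(f"Cthulu123, charset model: {charset_entropy_bits('Cthulu123'):.1f} bits")
    print(f"Cthulu123, word+3 digits from 100k words: {pattern_entropy_bits(100_000, 3, True):.1f} bits")
    print(f"4 words from a 2048-word list (xkcd): {passphrase_entropy_bits(4, 2048):.1f} bits")
    print(f"words from a 7776-word list for 94 bits: {words_needed(94, 7776)}")
    print("toy passphrase (low entropy, list is tiny):", make_passphrase(TOY_WORDS, 5))
```

The gap between the ~54-bit charset figure and the ~28-bit attacker-model figure for the same password is the whole point of the comic.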