Ryan Castellucci (they/them) Jun 25, 2024

Ryan's guide to determining whether your password is secure:

1) Did you pick it yourself? If yes, it is not secure.

2) Is it unique? If no, it is not secure.

3) Is it part of a "password system"? If yes, it is not secure.

4) Is created using a deterministic password generator? If yes, it's part of a "password system" and therefore not secure.

5) Did your password manager randomly generate it for you? If yes, it's probably fine.

6) Did you generate it with dice? If yes, it's probably fine.

7) Did you create your password in some other way? It's probably fucked.

Show threadDavid Nash

@ryanc This reminds me of the thought process I used to convince myself that "systems" were generally a bad idea, about 10 years ago:

1. hypothetical system: memorize 12 or so random characters and stuff the name of the app/website into the middle
2. hypothetical example: "BwwCB-GMAIL-wwnhlS?"
3. this at least appeared difficult to crack with the tools of the time (early 2010s)
4. but once the hacked password file for SomeTech with "BwwCB-SOMETECH-wwnhlS?" becomes public, suddenly all your logins everywhere are totally insecure and need to be completely re-credentialed *immediately*

Jun 25, 2024 at 4:32pmWeb