Ryan's guide to determining whether your password is secure:

1) Did you pick it yourself? If yes, it is not secure.

2) Is it unique? If no, it is not secure.

3) Is it part of a "password system"? If yes, it is not secure.

4) Is it created using a deterministic password generator? If yes, it's part of a "password system" and therefore not secure.

5) Did your password manager randomly generate it for you? If yes, it's probably fine.

6) Did you generate it with dice? If yes, it's probably fine.

7) Did you create your password in some other way? It's probably fucked.

@ryanc Thank you! Every time a security awareness training class talks about how to choose a secure and memorable password, I die a little. It's missing the point. Humans can't remember more than like 3-4 passwords, so we shouldn't. Teach users how to use a password manager!!
@iagox86 @ryanc And one time you’re at someone else’s computer without your phone and you’re fucked.
@oscherler @iagox86 you put your password in someone else's computer without protection!? Eeeww
@ryanc @iagox86 Yes, and I’m ashamed, so I do it incognito.
@oscherler @ryanc You go places without your phone?? :-)
@iagox86 @ryanc Not on purpose, but what can you do?