Trevor_Blake comments on My Heartbleed learning experience and alternative to poor quality Heartbleed instructions. - Less Wrong

14 Post author: aisarka 15 April 2014 08:15AM

Comments (31)

Comment author: [deleted] 15 April 2014 11:16:10AM 11 points [-]

Security questions can be answered with lies rather than facts. It might be a fact that I grew up on Elm Street, but because that fact might be compromising I can instead lie and say I grew up on p5y77fhssr*:552sfvhdde. More difficult to remember, more difficult to compromise.

Comment author: Lumifer 15 April 2014 03:18:44PM 13 points [-]

Security questions can be answered with lies rather than facts.

Security questions should be answered with lies rather than facts. In most situations "security" questions are a large vulnerability that is often exploited.

Comment author: [deleted] 16 April 2014 05:10:27AM *  4 points [-]

I did something like this over the past few years with some Gmail accounts. I've permanently lost access to those accounts because I didn't keep the answers. Just remember to protect yourself from yourself.

Comment author: RichardKennaway 16 April 2014 06:02:35AM 2 points [-]

How do people remember all their passwords? I write all of mine down. Er, that is, store them in an encrypted file with a long password that isn't written down anywhere. At last count there were about 200 different sets of credentials. All of the passwords are meaningless, vaguely pronounceable strings, so just remembering them all isn't an option.

Comment author: Lumifer 16 April 2014 03:09:40PM 1 point [-]

How do people remember all their passwords?

My passwords are divided into two categories -- important (e.g. for a bank account or the main email address) and not important (mostly for a variety of online stores and other places which think that forcing me to register there is a good idea). The important passwords live in a password manager file which itself lives in Dropbox. The unimportant passwords are composed algorithmically, so that when I am looking at a site's login page I can reconstruct what the password for it should be.
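As an added example, not Lumifer's own scheme nor any code from this thread: one way to "compose passwords algorithmically" so that they can be reconstructed from the login page alone is to derive each site's password from a master secret with HMAC-SHA256, and the same derivation can produce a nonsense security-question answer of the kind the first comment describes. The function names, the alphabet and the hostname normalisation rules are my assumptions.

```python
import hashlib
import hmac
import re

# Password alphabet; ambiguous glyphs (0/O, 1/l/I) left out. Constructed choice.
ALPHABET = "abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789!@#$%&*"


def normalize_site(site: str) -> str:
    """Reduce a URL or hostname to a canonical label, so that
    'https://Shop.Example.com/login' and 'shop.example.com' agree."""
    host = re.sub(r"^[a-z]+://", "", site.strip().lower())  # drop scheme
    host = host.split("/")[0].split(":")[0]                  # drop path and port
    return host[4:] if host.startswith("www.") else host


def derive_secret(master_secret: str, label: str, length: int = 16) -> str:
    """Map HMAC-SHA256(master_secret, label) onto ALPHABET.

    The 256-bit digest is treated as one big integer and written out in
    base len(ALPHABET); 16 characters of base 62 need ~95 bits, so the
    digest is long enough and the digits are effectively uniform.
    """
    digest = hmac.new(master_secret.encode(), label.encode(), hashlib.sha256).digest()
    n = int.from_bytes(digest, "big")
    chars = []
    for _ in range(length):
        n, idx = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[idx])
    return "".join(chars)


def derive_password(master_secret: str, site: str, counter: int = 1) -> str:
    """Site password; bump `counter` to rotate one site without changing the secret."""
    return derive_secret(master_secret, f"pw|{normalize_site(site)}|{counter}")


def derive_answer(master_secret: str, site: str, question: str) -> str:
    """A reproducible, meaningless 'security question' answer for this site.

    Everything derived here depends on master_secret: lose it and every
    derived password and answer is lost with it (the same failure mode as
    forgetting the invented answers, described earlier in this thread)."""
    q = re.sub(r"\s+", " ", question.strip().lower())
    return derive_secret(master_secret, f"sq|{normalize_site(site)}|{q}", length=20)


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample, not a real secret
    print(derive_password(master, "https://Shop.Example.com/login"))
    print(derive_answer(master, "shop.example.com", "What street did you grow up on?"))
```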

Comment author: JQuinton 16 April 2014 05:17:58PM *  0 points [-]

I have an internal hash algorithm that I use for all of my passwords, and have a set number of base words that I rotate. So an example of what I do would be if one had a list of 10 words that you use for all of your passwords and then use the rot13 hash on them as the actual password input. I basically have endless variations of the same 10 words as long as I change the hash algorithm.

Comment author: aisarka 16 April 2014 12:32:14AM 1 point [-]

I added a note about this to the post.