View Single Post
  #7  
Old March 24th 19, 04:34 PM posted to comp.mobile.android,misc.phone.mobile.iphone,comp.sys.mac.system,alt.comp.os.windows-10
arlen holder
external usenet poster
 
Posts: 130
Default More reasons to store NOTHING on the Internet: Facebook exposes hundreds of millions of user login/passwords IN CLEARTEXT since 2012!

On Sun, 24 Mar 2019 11:03:15 -0400, nospam wrote:

So how do you autogenerate passwords (eg with keepass) when many
institutions (particularly banks) won't tell you their password policy
(length, what characters are accepted/not accepted etc etc)?


How do you generate *any* password if the institution won't tell you the
rules? I can't think of any that don't.


any institution that tells you the rules is *less* secure than one that
doesn't. the bad guys now know what combinations to ignore, thereby
*reducing* the potential possibilities.


Throwing up meaningless spurious hurdles like this is just ridiculous from
a logical standpoint, IMHO.
o *Did _any_ of you ever even _see_ a keepass-generated password?*

Here is one:
https://i.postimg.cc/W19cRXjq/keepass01.jpg

HINT: They look like a long chain of scrambled eggs.

DOUBLEHINT: I doubt they will fail _any_ bank test, but even if they do,
you can add a bang at the end or whatever _extra_ is needed.

What you're doing is throwing up meaningless arbitrary hurdles.

I'm responding to Poutnik's inference that people aren't capable of being
"intelligent" with passwords, where I think it's _easy_ to be intelligent
about them.

One method to be intelligent about them is to let an app like keepass
generate and store them (or just store them) and then you pass the keepass
database from your desktop to your mobile device over your private LAN.

Keepass can _merge_ so you can edit either and merge to the other.

This eliminates writing the password down;
o It reduces the chance of a weak password
o It is random, so phishing attacks won't work as easily
o It doesn't require the Internet like LastPass does
etc.

All I'm saying, in response to Poutnik's advice to "just give up"
o Is that we can be intelligent about how we use the Internet
Ads