I have a "things I don't care about password" that's long, easy to type, and easy to remember. It's about 20 characters, which is sufficient for most services that don't have two-factor authentication, but annoying because some archaic systems STILL have a maximum password limit for ridiculous reasons that suggest one-way hashes are not being used. Wherever two-factor is available, it's turned on. Usually through my phone, which has its own passcode and won't display text messages on my screen. I'm curious as to how secure this really is, but I suspect this is reasonably difficult enough to hack that someone would have to be targeting me specifically to be able to reliably pull my SMS token out of the air and match it up to my login before I used it within a few seconds and invalidated it. If someone decides to target me specifically, I have bigger problems. For my email, my banking sites, and all the things that I really would rather someone else please not log into, I have a unique password. This is still long and easy to type; the only advantage of these passwords is that I am sure to not share them in any modified form anywhere else on the internet, which protects against these sorts of cross-site password theft attacks. (Even for my shared password I have a pattern that makes it uniqueish, but that pattern is simple enough that a human could probably reverse engineer it.) The only real exception to this strategy is things that can be password-less, though that carries its own weirdness. All of my remotely-accessible SSH servers use private key authentication and have passwords enabled for sudo, but don't allow SSHing in using that password. (So they are effectively single-factor for login and userland access, which can still do a lot of damage but requires a computationally difficult key, and two-factor for root access.) 
This carries its own issues; I have to keep my private key files somewhere, and even if I use multiple keys for each machine I log in from, all it takes is one rogue login to hose my server. I either put all my eggs into one basket by using some sort of encrypted store, or I spread out my attack surface, increasing its complexity, and decreasing the chance that I'll have successfully patched all the holes up. I also don't like that there's no way I could reasonably memorize a private key, so the option of NOT storing it kind of doesn't exist. At best I can try to protect the key in some way.
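The SSH setup the post describes (key-only login over SSH, password kept for sudo) is easy to get subtly wrong in sshd_config. The following is an added example, not code from the original post: a small POSIX shell audit that reads a config using sshd's first-value-wins rule and reports whether password logins are actually off. The sample configs are constructed, and the script assumes a config without Match blocks.

```shell
#!/bin/sh
# Added example, not from the original post: audit an sshd_config for the
# setup described above (public-key login only, no password login over SSH).
# sshd takes the FIRST value it sees for each keyword, so a stray
# "PasswordAuthentication yes" near the top silently wins over a "no" later.
# Assumes a plain sshd_config without Match blocks; older OpenSSH releases
# spell KbdInteractiveAuthentication as ChallengeResponseAuthentication.

# effective_setting FILE KEYWORD -> first value given for KEYWORD
# (keyword match is case-insensitive; comments and blank lines are skipped).
effective_setting() {
    awk -v key="$2" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# audit_sshd_config FILE -> returns 0 if key-only login is enforced, 1 otherwise
audit_sshd_config() {
    pw=$(effective_setting "$1" PasswordAuthentication)
    kbd=$(effective_setting "$1" KbdInteractiveAuthentication)
    pub=$(effective_setting "$1" PubkeyAuthentication)
    # sshd_config(5) defaults when a keyword is absent: all three are "yes"
    : "${pw:=yes}" "${kbd:=yes}" "${pub:=yes}"
    status=0
    [ "$pw" = "no" ]   || { echo "PasswordAuthentication is '$pw' (want no)"; status=1; }
    [ "$kbd" = "no" ]  || { echo "KbdInteractiveAuthentication is '$kbd' (want no)"; status=1; }
    [ "$pub" = "yes" ] || { echo "PubkeyAuthentication is '$pub' (want yes)"; status=1; }
    return $status
}

# Constructed sample configs. The "bad" one shows the first-match trap:
# the "no" on the last line never takes effect.
SAMPLE_BAD=$(mktemp)
cat > "$SAMPLE_BAD" <<'EOF'
# sshd_config (constructed sample)
PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
EOF
SAMPLE_GOOD=$(mktemp)
cat > "$SAMPLE_GOOD" <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
EOF

audit_sshd_config "$SAMPLE_GOOD" && echo "good config: key-only login enforced"
audit_sshd_config "$SAMPLE_BAD"  || echo "bad config: password login still possible"
```

On a live host, `sshd -T` prints the effective values after all parsing, which is the authoritative check once the file has been edited.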