1526
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 05 Jul 2023
1526 points (98.5% liked)
Android
27484 readers
185 users here now
DROID DOES
Welcome to the droidymcdroidface-iest, Lemmyest (Lemmiest), test, bestest, phoniest, pluckiest, snarkiest, and spiciest Android community on Lemmy (Do not respond)! Here you can participate in amazing discussions and events relating to all things Android.
The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:
Rules
1. All posts must be relevant to Android devices/operating system.
2. Posts cannot be illegal or NSFW material.
3. No spam, self promotion, or upvote farming. Sources engaging in these behavior will be added to the Blacklist.
4. Non-whitelisted bots will be banned.
5. Engage respectfully: Harassment, flamebaiting, bad faith engagement, or agenda posting will result in your posts being removed. Excessive violations will result in temporary or permanent ban, depending on severity.
6. Memes are not allowed to be posts, but are allowed in the comments.
7. Posts from clickbait sources are heavily discouraged. Please de-clickbait titles if it needs to be submitted.
8. Submission statements of any length composed of your own thoughts inside the post text field are mandatory for any microblog posts, and are optional but recommended for article/image/video posts.
Community Resources:
We are Android girls*,
In our Lemmy.world.
The back is plastic,
It's fantastic.
*Well, not just girls: people of all gender identities are welcomed here.
Our Partner Communities:
founded 1 year ago
MODERATORS
I don't like to keep any security stuff in "the cloud", written down anywhere, or even on my own devices. It's too easy to lose everything after one security breach.
Instead, I use password algorithms seeded from both the service name/identifier and one or more private passwords. This lets me keep thousands of service/site unique passwords in my head just by memorizing twenty or so words.
For my old job I used to have to manage about 60 passwords that all had different time limits on when they needed to be changed (one was every 3 weeks and some lasted a year for example). I never used a manager because of 2 reasons; insuring my passwords on someone else's computer (aka the "cloud") is fundamentally insane and maybe more importantly the passwords are not used all on the same machine (end users server, phone, laptop, on the phone etc.).
If I did not use a similar system of "algorithms" I would go insane. Although this was on paper or in my head. I would normally use the month changed, and a cycling root password with the needed special characters in between. For example for a password changed today that required a min of 8 characters and at least one cap and special it would be "Jun" + "!&@" + "1Firstoflistpassword" if there was a limit of say max of 8 then it would not use more then the first 2 letters of the password and if no special characters permitted then the center was dropped.
This is the situation I'm in. Half-a-dozen clients in the energy and automotive industries, each with multiple security regimes and short timeouts. Passwords mutate with time and I stay sane...
I hated one NOC that required a 6 digit numbers only password that needed changing every month. It also could not be one used in the last year. Most pointless password ever. Keep in mind this was to reach lvl 2 to say reset a switch or whatever so I would think that there was so many people with passwords that you would have a hard time not entering a valid password.