You're correct about physical theft of the drive. I was thinking more along the line of data theft via poor security configuration of my various software. I don't claim to be an expert and I sure there are holes in my 'net facing systems. So I'd rather not have a file containing my passwords, in one compact bunch, sitting on the drive. Even if they are encrypted...

Kind of the same thing though. If somebody has established remote file access on your computer and is able to steal files, they are probably also able to install key loggers and anything else they please. So the end result is essentially the same.

No password policy you implement is going to be 100% safe. I feel like its better in the end to have super strong passwords for all online accounts and manage them with a password manager than to have easy to remember, relatively weak passwords. I use a keyfile that is never stored in the same physical space as the password file (one is on a usb on my keyring). I feel pretty safe.

whatthefunk; Ultimately, you're correct. I like the separate physical drive (ie. USB), which limits the time window for an exploit to grab a file. It also makes it portable.

I think I'll just go back to my abacus, the password is 1101001000 which I can remember every time. Not fast, but pretty reliable

An interesting article that speaks to the above discussion:

This is another benefit of age, the comic seems new every time I read it.

all of the above is crappola.

get a physical piece of paper to which your kids and your wife or husband or other partner cannot get access,

Write down your dad's surname, your mothers first name and your dogs name.

throw it in the trash.

get another piece of paper.

write on it the first four letters of the first street that you ever lived upon that you can remember

like...

LOCU...for locust

then write down the two first letters of your first girlfriend or boyfriend

like...

MA for "Mary" or "Marshall"...

then writ down three random numbers...

5, 9, 5

then throw that piece of paper away...

then get a piece of paper and write down your name in any combination that the operating systems want such as...

WO34dsm93ke

that was woodsmoke

and add any three digits to it..

and throw it away...

then pick any random word that is the name of any animal that has a letter that has a weird letter on the upper case of the top row of the keyboard

such as Osprey

And substitute the dollar sign ( $ ) for the letter S and add the numbers...782 at the end...ONLY those three numbers...

and put it on a piece of paper...

get some coffee and come back to the computer and throw the paper in the trash...

then...

determine what the "thing" wants you do to... 6 letters, three numbers one non number letter and pick something that YOU CAN Remember

and add four digits to the end starting with...

0001

enter it twice and the whatever will accept it...

then...

every week...

change your password to the same thing only with the next in the four digits...

0002

next week change it to

0003

and then next week

0004...

and so on...

each following week

to 00099

all the pass word stuff is just crappola

it is all about how FREQUENTLY you change a SIMPLE password that YOU can remember...

get the hence to kali and download the cd and just TRY to get in...and you...tooo...can help change the world...until then...do the above, forget the crappola and snuggle with your better half.

wood#$DTGIXCBDH@##hashfifteenmodsevensmmoker

“This phrase is a good password” is a good password. Unfortunately, most systems do not allow spaces in passwords. So, “This$phrase$is$a$good$password” has to be used instead. [emoji3]

Or you could copy paste woodsmoke's posts. Use the more exuberant sentences as a password and replace the spaces with $.

Ooooo! I like that!
Thank you Bings and THANK YOU Woodsmoke!

But seriously...

the college has us change passwords every four months...and the password can be pretty much anything... a word with a capital and a number attached...

ANOTHER school that I am an anatomy and physiology instructor randomly every couple of weeks or month or so locks all instructors out until the password is change and they could care less what it is..

big idea...

the hacker has to download "the passwords" which are "hashed" and then use, usually a brute cracker to get at a password. It is not a guy in an interet cafe in Baghdad or Moscow.

it takes TIME to go through all that which is on THEIR MACHINE not yours...

so they crack a password and then they get into the system and then have to download all THAT data... which again, has passwords...

it is a matter of TIME...

The college itself says...ideally you should change your password...DAILY to something like...DOOF101

because you will change your password before the hacker gets at your previous password...

but...that take server space and bandwidth ON THE PART OF the host like the college and they don't want to spend the money...simple as that...

I use a simple password like... Arthrop101oda every week or so for EVERYTHING... to...Arthropod203oda not a biggie

MY BANK...

it has a two step NOT GOOGLE CRAPPOLA TWO STEP password process.

a) login by typing in my "password" which has to meet the normal yada yada yada...
b) next screen has a box showing eight images, a row of four above a row of four, in which I have chosen "an image".
c) i click the image

and done...

a bot, a hacker, a whatever will not know what image I click
i) because it does not have MY EYES looking at a screen
ii) it does not have my mouse moving to the picture...

this is a marvelous system for people who can see...

HOWEVER...

apparently the bank has now added a "vibration" call when mousing over an image...

a blind person is cued to vibrations and can recognize the vibration for an image...

How it is going to actually send the vibration to a "computer" i do not know but it can easily be sent to a cell phone...

so do not know...

Face recognition... what a joke

my TSA prepass...

a) I lay the PAPER airplane reservation with the TSA prepass number on it...down on a scanner.
b) I put ALL FOUR OF MY DIGITS, not the thumb on the appropriate squares...
c) a camera is sending my image to the TSA person

they wave me through from ten feet away...

because I spent the month or so going through the process
because i want to the TSA place and gave them my digital fingerprints and a picture taken during the fingerprinting...

Because i have nothing to hide.

and if a hacker gets it...duuhhh

FINE...TAKE IT...

I just go through the PHYSCAL process again...

Because you have to do the initial process online...which uses...a password...

I...ummm change the password if it is hacked...

and then go back to the physical building and enter the password and they check my fingerprints...

this whole thing is stupid because it is about
a) companies wanting to NOT SPEND MONEY
b) lazieness on the part of the LAZY sheeple

Hie thyself to Kali and try to get in if you do then...

VOLUNTEER...

woodweNEEDvolunteerssmoke

woodsmoke;
ARGGGGH!

I use a couple of websites which use that Google(r) image selection tool. They do it TWICE each time I log in. High irritation factor...

I understand their intent; to make it difficult for bots to slip through the log-in process. I also question some of their choices in "correct" answers. I'm sure many of you have tried the "Street Signs" image selection tool. I absolutely cannot get that one correct. The designers have a different idea of what parts of a sign are actually valid answers... It is the sign itself PLUS the posts which support it, sometimes... Other times the designer won't accept an image which only has a small sliver of the sign itself.

So now I "skip" the Street Signs tool and ask for another set of images. Eventually, I'm "allowed" to enter... I feel so "special".

I repeat: ARGGGGGH!

My bank has a security option of texting a code to the user’s phone (or email) when logging on. Accessing my bank by phone and using a txt msg code doesn’t work because when I switch to the msg app to get the code the bank app logs me out!