[kwlug-disc] 2FA Google Authentication and Best Practices with passwords

Paul Nijjar paul_nijjar at yahoo.ca
Fri Feb 4 21:54:15 EST 2022


Do you keep a photocopy of the book someplace? What happens if
termites eat your passwords?

I think this is a reasonable approach, but when I did something
similar I found I was not being disciplined enough about making very
long and very distinct passwords for each site. 

- Paul

On Fri, Feb 04, 2022 at 04:39:33PM -0500, Doug Moen wrote:
> I keep all my passwords written in a paper book, not a computer or digital device.
> I use longish passphrases, not "secure passwords" that I have no hope of memorizing.
> I use a different password for each site, so if one site is compromised, the others aren't also compromised.
> 
> My wife knows where the book is, so if I'm incapacitated and she needs my password for some reason, it's easily accessible.
> 
> I do not store my passwords digitally. Computers are inherently insecure and untrustworthy, so if my password is stored digitally in a device that is directly or indirectly connected to the internet, then I assume that password is compromised. Computers are also way too complicated. A paper book is simple, robust and impervious to remote exploits.
> 
> As always, you should think about your threat model when choosing how to do something digital. Different threat models => different methods. Also, any choice you make inherently has compromises. In my case, I obtain simplicity, robustness and imperviousness to remote exploit at the expense of less secure passwords (passphrases that I can memorize, vs base64-encoded 256-bit random numbers or whatever).
> 



