How to burn a password into your brain

Discussion in 'other security issues & news' started by Minimalist, Jul 14, 2014.

Thread Status:
Not open for further replies.
  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    http://nakedsecurity.sophos.com/2014/07/14/how-to-burn-a-password-into-your-brain/
     
  2. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    Mathematics makes strong case that “snoopy2” can be just fine as a password


    http://arstechnica.com/security/201...-that-snoopy2-can-be-just-fine-as-a-password/
     
  4. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,414
    theguardian
     
  5. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    I get the thinking behind "well, if it's just a web forum or something why set a strong password when it's not as important". But really, why not use a strong password? Get in the habit, make it hard for any other person but you to access your stuff.
     
  6. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    The thing that would worry me about this is long-term retention using these memorisation techniques, particularly when it was not often used. I didn't see anything in the study where they looked at retention a year downstream.

    What I find with my long Diceware passwords is that they are fairly easy to remember, and, more importantly, they stick, precisely because they can be made to mean something, for me!

    I also do not agree with the MS advice relating to using weak passwords on "unimportant" sites and warning about the dangers of password managers, because it is ignoring 2FA, which simply has to become more widespread and easy to use. I find that a limited number of strong memorised passwords, plus a Yubikey coupled with Lastpass and Password Safe is a workable arrangement until more sites natively include 2FA which respects users' privacy better than current ones (e.g. the Fido initiative).
     
  7. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,290
    Location:
    EU
    I prefer to use random passwords of at least 30 digits for anything, just for the fun of it.
    Thank god there are Lastpass, Keepass, etc. in this world.
     