
The author recommends the use of XKCD correct-horse-battery-staple style passwords (aka diceware), which have a high ratio of entropy to ease of transmission effort.

In other words they're relatively easy to exchange over a phone call but still secure.



And you can compose them from "pre shared" secrets.

For example, the password hint for a secret I send to my sister:

- The name of our neighbor's cat

- The name of your first boyfriend who scratched dad's car

- Mom's nickname for aunt Ilda

Concatenate those three with a dot. And voila, a pretty secure password without need of a side channel.

(just made this up, I don't have a sister...)


Whatever, now we know your password is "Miffy.Biffy.Boffy"


Or just put it up on the kitchen wall...

"Live well, Laugh Often, Love Much"



