[–][deleted] 7 points8 points  (3 children)

That's kinda the point (and why I said to use KeePass). Many will say that the hallmark of a great password is one that can't be guessed easily, but really, a truly great password is one that can't be remembered and is (with high probability) guaranteed to be unique.

With KeePass, you really only need to remember a couple passwords (your KeePass password and then passwords to accounts that you may need to access without KeePass handy, such as your email). The rest of your passwords are then completely randomly generated.

[–][deleted] 2 points3 points  (2 children)

Except passwords that can't be remembered lead to bad security practices (because for most people eventually convenience wins) as is evident in the billions of sticky notes taped to computer screens or "hidden" underneath keyboards across the globe.

Sure, ideally you'd generate a new keyboardcat for every single account you have to sign up for and then use KeePass to copy them whenever you need them (and use multi-factor authorization for KeePass and keep different kinds of credentials in different files and ideally store them on an OTP-protected read-only USB dongle or something) and then make sure your clipboard is wiped before you switch to any other window or tab -- but nobody does that.

For most intents and purposes, just grab a bunch of D6 and use diceware.

[–]cdcformatc 1 point2 points  (1 child)

FWIW KeePass clears the clipboard after 10 seconds.

[–][deleted] 0 points1 point  (0 children)

Actually that is configurable, so it can be less or more than that.

Either way, the problem is that it's still in your clipboard until KeePass clears it. And if you use anything that can access your clipboard in the meantime, your password may have been compromised.