Password Strength (and ease of memorizing) / Linux

Hi.

“/Linux” just because I came across this while I’ve been researching Linux, wanting to convert (from windows).

Here is a write up on creating strong passwords that are also easy(ier) to remember than what some of us might’ve previously (or might currently) consider(ed) strong.

I’m interested in (a) if anyone agrees or disagrees with this (and anything you might have to either support or …refute(?) it). And (b) anything you might want to share about your experience with Linux, especially if you were a windows/mac user.
Oh and in regards to the password topic, how many of you use some type of password manager?

Thanks.

Edit: Too bad I couldn’t write @“nerds”, and have the attention of all the right people. Hahaha.

“So go ahead, put us down
One of these days we’ll turn it around
Won’t be long mark my words
Time has come for revenge of the nerds”

6 Likes

I use song phrases + numbers I know + a single punctuation. I don’t use a standalone password manager but I used the Google password keeper function. Good tips, man.

Letmyspiritcarryme80!
Andshesbuyingthestairway90!
Hearditthroughthegrapevine70!

3 Likes

Yep, that’s good advice. You can use various diceware software to randomly choose the words of your password.

KeePassX is good software to store random long passwords in Linux.

2 Likes
5 Likes

Hmm. I wonder about that, the song phrases, since they’re a known thing. But hey, a lot of people probably use the word “password” or the name of the service in their password. So you’re probably doing better there.
I’m not sure what that google thing is, but personally I wouldn’t use anything google I didn’t have to. Haha.

Nice. I use keepass. I use a random generator (which means I almost certainly don’t remember/know any of my passwords, haha). But this article seems to suggest that even the randomly generated 12-20 (etc.) passwords with lower case, uppercase, digits, and symbols are less strong than just a four word phrase. Which is definitely surprising to me.

Thanks for chiming in, guys.

1 Like

I don’t know what you’re trying to say.

I forgot the magic incantation:

Always a relevant xkcd

1 Like

I worked on a Linux CentOS devnet, run my servers on various flavors of Linux, and have a few of my laptops set up to dual boot. I’m a fan of it. I have some things I have to use Windows for though.

Getting comfortable navigating your way around can take a bit, but there are tons of tutorials from beginner to advanced online for free, and you can easily find info/help on forums, stackexchange, superuser, etc…

2 Likes

I personally use randomly generated passwords (20 character minimum where possible) or managed accounts whenever possible.

1 Like

I don’t know what you’re getting at, but maybe you’re thinking that I’d understand. I’m not a Linux guy (I just want to be), or a programmer/coder. I’m just a… novice level computer user. I probably know a little bit more than the “average” person, only because I like to diy and try stuff, and I go down rabbit holes often.

Sounds cool. I didn’t think the dual boot was a way I would go, but I’m considering that now, maybe as a first step, before I nuke windows forever. I’d still be using MacOS if my macbook could still handle what I do. I really like MacOS.
I’ve seen a lot of tutorials on youtube in particular, everything from 10 minutes to several that are hours and hours long, haha. Amazing. I’ll just have to jump into it though, I think. Play with it. I don’t really need windows, as some people do. I think fewer people probably do than actually think they do though (not talking about you).

Thanks.

How do you remember them? Must use a manager?

1 Like

Yes I use a password manager.

2 Likes

Sorry for causing confusion!

“xkcd” is the name of a long-running web comic by Randall Munroe. Most of his comics deal with computer science topics, or general science stuff. In my experience, xkcd comics are frequently shared by software developers when someone raises a topic that reminds someone else of an xkcd comic. Hence the phrase “There’s always a relevant xkcd.”

This particular comic is an over-the-top technical breakdown on passwords. The point is to show why passwords people normally use (“Tr0ub4dor&3”) are super difficult for humans to remember while being easy for a computer to crack. The comparison is in showing why longer password phrases (“correcthorsebatterystaple”) are easy for humans to remember while also making them exponentially more difficult for computers to crack.

1 Like
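The passphrase-versus-password comparison discussed above, as an added example that is not part of the original thread: it generates both kinds of secret with a CSPRNG and computes their entropy. The function names, the short constructed word list, the 7776-word diceware list size and the 94-character printable ASCII alphabet are assumptions of this example.

```python
import math
import secrets
import string

# Constructed stand-in word list (assumption). A real diceware list has
# 7776 words (five dice rolls per word); this short one only keeps the
# example self-contained, so passphrases drawn from it are too weak to use.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "piglet", "honey",
                "stormy", "weather", "stairway", "grapevine", "spirit",
                "goldfish", "kernel", "laptop", "terminal", "keyboard"]
DICEWARE_LIST_SIZE = 6 ** 5          # 7776 words
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 chars


def entropy_bits(choices, length):
    """Entropy in bits when each of `length` items is picked uniformly at
    random from `choices` options. It does not apply to human-chosen
    phrases, which are far more predictable than the formula suggests."""
    return length * math.log2(choices)


def random_passphrase(words, count, sep="-"):
    """Pick `count` words with a CSPRNG; repeats are allowed so that
    entropy_bits(len(words), count) holds exactly."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    return sep.join(secrets.choice(words) for _ in range(count))


def random_password(length, alphabet=ALPHABET):
    """Random character password of the kind a password manager generates."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def words_needed(target_bits, list_size=DICEWARE_LIST_SIZE):
    """Smallest number of random words whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print(random_passphrase(SAMPLE_WORDS, 4), random_password(12))
    print(f"4 diceware words : {entropy_bits(DICEWARE_LIST_SIZE, 4):.1f} bits")
    print(f"12 random chars  : {entropy_bits(len(ALPHABET), 12):.1f} bits")
    print("words to match 12 random chars:",
          words_needed(entropy_bits(len(ALPHABET), 12)))
```

The figures hold only when every word or character is chosen uniformly at random, which is why the generator uses `secrets` rather than `random`.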

Oh ok. Thanks for the explanation.
I guess we should all be using passphrases (where possible) instead of just a word that we’ve tossed some L337 substitutions into then…

1 Like

The first Linux distro I used was CentOS. Then, when I wanted to familiarize myself more to get up to speed for using it at work, I put Ubuntu as dual boot on my personal laptop. After using it for a few months, and deciding I like it, I put Ubuntu Server on an old box at home to mess around with that, which was very useful for sure, and I like it. Now I have a couple more servers running Debian.

Ubuntu is a good one to start with. If you’re going to mess around with Linux, learn to use the terminal command line interface as much as possible. Try to not get stuck using the GUI for everything.

1 Like

Nice one. I viewed the following on PBS just last night: NOVA | Secrets in Your Data | Season 51 | Episode 7 | PBS
At about 37:00 it discusses word lists. The host, Alok Patel, joked (I hope) vis-à-vis using a pet’s name for a PW, that he had a goldfish named Password123. It says 8 character PWs can be cracked in minutes, but 12 character ones can take years.

So then I googled that and the 4th hit was the link you posted about word lists.

1 Like

Haven’t dual booted since 2009 or so. Ran Gentoo a while. Still have a stick around and used it to get some pics from a crashed laptop. I didn’t care much for the lack of updates and people selling web servers with crap like lxadmin.

Then there is the whole issue of Kernel.org having been compromised for 2 years 2009-2011 and then there is Ebury

2 Likes

Yes. That is the best password scheme. I use that style when it’s one I need to remember… things like “PoohPigletEyoreHoney” is super easy to remember, but would take a supercomputer centuries to crack.

I’m a Linux system administrator and software developer.

If you’re new to Linux, I recommend Linux Mint. It looks and feels similar to windows. It’s super stable (no crashes or lock ups) and has lots of support for various hardware (wifi chips, Bluetooth, etc)
You can “test drive” most Linux from a usb drive for a couple weeks before installing it onto your hard drive.

When I get a new laptop though, I wipe the hard drive to remove all traces of windows, and just install Linux. :+1:

5 Likes

I had a military buddy I worked in IT with for a while. He taught me about how they would use keyboard patterns rather than actual phrases. So you just memorize how you type it on the keyboard rather than remembering an actual phrase. It makes it way easier to speed type it once you get the muscle memory down and it’s nearly impossible to crack because it’s so random.

For example it could be “hold shift: type 1234, I hold shift and hit 1234 again” so you end up with 4 numbers and 4 symbols. Obviously this is a terrible example for practical use but hopefully it makes sense to read. I still use this in practice today 20 years after the guy showed it to me

3 Likes

I recently saw a trick that may work: remember a phrase and use only the first letter of each word:

“Don’t know why, there’s no sun up in the sky, stormy weather”
DNWTNSUITSSW :thinking:

2 Likes

That’s more or less the way I do it for my password, except I start by coming up with a short phrase or list. After awhile I hear the phrase in my head and type it in as one action without thinking of the characters being used on the keyboard. Then if I need to log in via my phone I have to sit here for a minute thinking it all out while physically moving my fingers as if I have a keyboard in front of me :laughing:

1 Like