While taking the subway today, I suddenly started thinking about what kind of password is secure, stable, and easy to remember. Should it include uppercase and lowercase letters, numbers, and special symbols?
How to Set and Store?
I think this is necessary, but if the password is too complex, it becomes difficult to remember. To remember it, you must have your own rules, but once there is a pattern, others will have more ideas when trying to crack it, which compromises security.
No matter how you think about it, these two aspects conflict with each other, making it difficult to reconcile them.
I then discussed the issue of passwords with friends, and they also have their own unique methods, which gave me many new ideas, such as memorizing a formula, the position of pi, pinyin + numbers, and so on. This way, you can both remember it and keep it sufficiently obscure. If you don't know its position index, you can't find the corresponding password character, making it much more secure than a generic password.
Some friends mentioned that they use password management software, such as 1Password, Bitwarden, KeePass, etc., which can generate various highly complex password strings through algorithms. However, during the discussion, they expressed concerns about password management software. If the software is hacked or extorted, or if the master password is lost, then all passwords will be lost as well. Although this possibility is rare, such incidents have occurred in the past.
Moreover, large software companies have more users, so if they encounter issues, the impact is greater, and users can only hope that the vendor has sufficient defensive capabilities. All passwords are backed up in the cloud, which is a fatal flaw in itself. If the cloud data is breached, the consequences are unimaginable.
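The following Python example is added here and is not part of the original post. It contrasts a random generator of the kind password managers use with the pi-position rule mentioned above, and estimates how much is left to guess when the rule itself is known. The symbol set, the sample word "mima", the figure of roughly 400 pinyin syllables and the 50-digit window are assumptions.

```python
import math
import secrets
import string

# Assumed character classes; real sites differ in which symbols they accept.
SYMBOLS = "!@#$%^&*()-_=+"
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]
ALPHABET = "".join(CLASSES)
# First 50 decimal digits of pi (after "3."), the memorised digit source.
PI_DIGITS = "14159265358979323846264338327950288419716939937510"


def generate_password(length=20):
    """Random password containing at least one character from every class."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    while True:
        # Rejection sampling: every accepted password stays equally likely,
        # unlike forcing one character per class into fixed positions.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate


def random_entropy_bits(length):
    """Entropy of `length` uniform draws from ALPHABET (slight upper bound)."""
    return length * math.log2(len(ALPHABET))


def pi_rule_password(word, offset, count):
    """Mnemonic rule from the post: a pinyin word plus pi digits from an offset."""
    if offset < 0 or offset + count > len(PI_DIGITS):
        raise ValueError("offset/count outside the memorised digits")
    return word + PI_DIGITS[offset:offset + count]


def rule_entropy_bits(choices_per_secret):
    """Bits left to guess once the rule is known: only the secret choices count."""
    return sum(math.log2(n) for n in choices_per_secret)


if __name__ == "__main__":
    print(generate_password(), f"{random_entropy_bits(20):.0f} bits")
    # Assumed: ~400 pinyin syllables, 45 possible start offsets for 6 digits.
    print(pi_rule_password("mima", 10, 6), f"{rule_entropy_bits([400, 45]):.0f} bits")
```

Under these assumptions the rule-based password leaves about 14 bits to guess once the rule is known, against about 125 bits for the 20-character random one.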
Further Thoughts
Due to personal habits, I find it difficult to fully trust various cloud services, perhaps due to paranoia. I always feel uneasy about putting all my data in the cloud. Therefore, I usually have three backups: one must be kept locally on a hard drive, one on a server, and another that backs up some less important data in an OSS bucket. The cost is not high, and maintaining this data continuously is relatively easy for me, and I enjoy doing it.