Training your mind

I can’t help but think my biggest personal security flaw is that I use a password manager with a master key.

I can’t remember 300+ different passwords with passwords such as Toy$ykibqRpZU9#ZEID

But I can remember one long one.

And this is a problem because if someone gets the long one that I store only in one place, my head, they get all of them. That’s if, of course, password managers can’t be accessed without their passwords (0days etc).

It always worries me. I used to use Lastpass but they got bought by some big corporation. So I deleted that but who knows if it ever gets deleted really?

I figure that, probably, the most secure thing you could do is use different passwords and remember them.

I was reading about a drug lord who has 500+ bank accounts and 500+ investment properties. He has been in jail for over 10 years and the Police can’t trace them to seize them as only he knows the details…in his head. He never wrote them down.

So it must be possible… so how would you train yourself to get that mentally good?

I guess the problem then is that the only way to extract info from a targeted individual becomes the “hot iron stick up the anus” extraction method the Russians allegedly favor.

You can use two-factor authentication to prevent someone from gaining access, even when they know your password.

2 Likes

Don’t reinvent the wheel. Do what your elders and betters have done.

Use a password manager, and write your master password on paper. Make paper backups and store them safely.

There’s very little chance that burglars would steal a paper notebook (even if it was not in a safe), and there is very little chance that they would morph into hackers once they would (hypothetically) realize what those notes are about.

Thugs are specialists. Those who raid homes are not the same as those who raid the Internet.

1 Like

False. A memorable security system is not a good security system. Use a password manager.

2 Likes

You can calculate the strength of passwords (bits of entropy) if you randomly choose chars from a defined set of characters (with equal probability for every char to be chosen).

As soon as you start to invent your own scheme, there is no way to calculate its strength. For instance, this is true for things like “take a sentence from a book, the first character of each word is the password” (some chars are more likely to be the first char than others).

Then, there are passphrases like Diceware that also rely on a defined set of characters (in the form of words) with equal probability of being chosen. Look at it. Maybe Diceware is something for you. The strength of Diceware passphrases can be calculated in the same way as the strength of “normal” passwords.

If you are worried about storing your passwords in an online password manager, use offline password managers like KeePass 2 or KeePassXC.

See also https://infosec-handbook.eu/blog/modern-credential-management/

1 Like
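The entropy calculation described in the post above, worked through as an added example (not code from the thread or from the Diceware project): both the random-character password and the dice-rolled passphrase are scored with the same formula, length × log2(alphabet size), which only holds because every symbol is drawn uniformly with `secrets`. The 36-word list is constructed here for a two-dice roll; the real Diceware list has 6**5 = 7776 words.

```python
import math
import secrets
import string

# 94 printable ASCII characters, the usual alphabet for "normal" random passwords.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation

# Constructed 36-word list so two dice (6**2 = 36) index it exactly.
WORDS = ("apple basil cedar delta ember fable gamma honey igloo jolly karma lemon "
         "mango noble ocean piano quilt raven sugar tiger ultra vivid wafer xenon "
         "yacht zebra amber bison coral dusty eagle frost grove hazel ivory jumbo").split()


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy for `length` symbols drawn uniformly from `alphabet_size` symbols.
    Valid only for uniform random choice, not for home-made mnemonic schemes."""
    return length * math.log2(alphabet_size)


def random_password(length: int, alphabet: str = PRINTABLE) -> str:
    """Uniform random password; secrets.choice is a CSPRNG, random.choice is not."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def roll_dice(n_dice: int) -> int:
    """Roll n_dice fair dice and map the outcome to a uniform index in range(6**n_dice)."""
    index = 0
    for _ in range(n_dice):
        index = index * 6 + secrets.randbelow(6)
    return index


def diceware_passphrase(wordlist: list, n_words: int, n_dice: int) -> str:
    """Diceware-style passphrase: one dice roll per word, list size must match the roll."""
    if len(wordlist) != 6 ** n_dice:
        raise ValueError("wordlist size must equal 6**n_dice or the choice is not uniform")
    return " ".join(wordlist[roll_dice(n_dice)] for _ in range(n_words))


def words_needed(target_bits: float, wordlist_size: int) -> int:
    """Smallest number of Diceware words reaching the same entropy as a target password."""
    return math.ceil(target_bits / math.log2(wordlist_size))


if __name__ == "__main__":
    pw_bits = entropy_bits(len(PRINTABLE), 19)  # a 19-char password like the one in the OP
    print(f"19 random printable chars: {pw_bits:.1f} bits, e.g. {random_password(19)}")
    print(f"Real Diceware (7776 words) needs {words_needed(pw_bits, 7776)} words for that")
    print(f"Constructed 36-word list:  {diceware_passphrase(WORDS, 6, 2)!r}")
```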

This is actually very possible, the human mind is capable of incredible things. There are books on different ways to memorize stuff, these techniques with practice can help you, but why?

It’s too much work, just use KeePass or bitwarden, I’m sure nobody is going to decrypt your passwords, it’s just too much work and there’s a simpler solution.

I do encourage you however, to learn how to use your memory properly, this guy has several books on it, and a Guinness record
https://invidio.us/embed/MW0T8A9ImBc

let’s be clear - 2fa can reduce the risk, but that’s about it.

Don’t overreact, password managers are fine. In any case, here is a method I learnt on a security demo: you can just devise a combination of movements across a keyboard (i.e. 2 up, one down, 3 to the left) so that, starting with any letter, you get a different combination, and thus a unique password: for instance, let’s say you choose facebook, and you decide you are going to apply this method with the last letter, that is, starting with k: your password will be kniy, following your movement combo. You can repeat with the first letter, fcrw, so your passwd would be kniyfcrw, unique and different for each site; just a mnemonic rule. If you add a space between each of the combos, make them longer, or include special characters (let’s say, always a £ between combos) it’s even more secure: kniy £ fcrw 8, as for 8 letters facebook has, is a really secure password with really little effort

I use my full brain capacity to remember passwords, nothing else fits in there now.

1 Like