Comment 2RZ1 random passwords

Story

When will the era of passwords come to an end?

Preview

random passwords (Score: 1)

by seriously@pipedot.org on 2014-09-01 19:18 (#2RZ1)

So far, for websites I use pseudo-random password (generated using "$ openssl rand -base64 24") and I let the browser memorizes them (but I don't export it to my backups). So only my browser password to remember. The day they get erased or I change laptop, I guess I'll just click on the "Forgot your password ?" links wherever I need it. And websites I never visit ? oh well, I don't need them anyway (I'm pretty sure I've lost my slashdot credentials a long time ago and I have zero intention to get them back :-) )

As for ssh (or ssh-based) connexion, I use public/private key pairs with passphrases, I only have 3 different pair of keys so far, so only 3 different passphrases to remember

I would actually be interested in knowing which tool to use to manage all my passwords outside of the browser and still have them auto-complete when I log into a website.

I would be even more interested into some easy smartcard-like technology where I would use one of my USB stick with my GPG key on it to manage all of that. step 1: format USB key and fill it with some sort of GPG key, step 2: plug the USB key into laptop (+ maybe some 2-step verification ?) step 3: identified. step 4: the moment you unplug the USB key, you're offline.

But I know nothing about security or cryptography, so probably this is all highly insecure and/or dumb ...

Junk Status

Not marked as junk