Passwords stored by Firefox

Mon Feb 16 12:00:08 UTC 2015

On 02/15/2015 11:09 PM, Tim wrote:
> Allegedly, on or about 15 February 2015, Eddie G. O'Connor Jr. sent:
>> I have discovered a method of creating passwords that has helped me
>> greatly throughout the years. I learned it from this girl who was
>> always teased in school for being "weird" LoL!  (Thank you
>> Sharon......wherever you are!) So imagine you want to use the word
>> "gasoline" as a password.......the simple trick is to "push" each
>> letter over by one!
> Short passkeys, whether words or letters, are too easy to crack, one way
> or another.  Lengthy ones are your best protection.  If *you* have to
> type it in, you really want something that you can type easily, and
> without making mistakes.  Adding difficult stuff to type in only hurts
> you, they're not any harder to the machines cracking your password than
> any other characters.
>
> As far as I'm concerned, the easiest way to make lengthy passwords that
> you can remember and type in correctly is to combine three or more words
> into a passphrase.  Don't use a quote, or logical sentence that someone
> may guess at.  e.g. If people know your favourite film, it's stupid to
> use a famous quote from it.
>
> Something like "purpleglidingcows" would be something you could type in
> easy enough, and picture it in your mind as a memory aid.  It's odd ball
> enough that nobody could simply guess it, it's long enough that cracking
> it would take ages.  And for a family situation, where you want to tell
> others the password to use for something, it's easy enough to tell them
> what to type.
>
> While some will argue that real words make it easier to crack, I argue
> that the combination of several makes it damn near impossible.  A
> cracker has to guess the right number of characters, or words, to try,
> as well what characters they might be.  The possibilities of what your
> password might be are astronomical.
>
> It's a hell of a long time since I did probabilities in high school
> maths, but if you just use letters instead of numbers, each position
> could be any of 26 characters (instead of 10 options), and each position
> is not related to any other character (one does not determine the
> other), so my example means that it represents an unknown number of 26
> to the power of 17 that you have to guess at.
>
> Of course if you don't know how long my password is, you've got even
> more combinations to deal with (all of the shorter than 17 character
> possibilities, too).   So, if we converted that word to numbers, tell me
> what number I'm thinking of right now, that might be anywhere between 0
> and something with 24 numerals (to give you approx all the possible
> variations that my password might have).
>
> If you really think that you could have guessed /that/ password in a
> useful time, please let us know the winning lottery numbers for next
> week, while you're at it.
>
It would seem I have been /ignorant/ of password management for all 
these years. I am grateful for all the advice and instruction from you 
guys (special Thank You to Heinz Diehl, for breaking things down and 
explaining things to me on my "sub-atomic" level of understanding!) I am 
now going to install a Password Manager on both my Fedora and CEntOS 
boxes, (and I guess I will see what exists for my Ubuntu and Arch Linux 
machines as well. I think that armed with a Password manager things 
might be a little more secure at home.

EGO II