Re: [tlug] how do you 'web password' ?

[Josh Glover <jmglov@example.com>]

On 19/12/05, Evan Monroig <evan.monroig@example.com> wrote:

> I have several computers and currently what I do is create 'random'
> passwords that I choose (and forget of course ...), and then I encrypt
> them with with my public gpg key. Not really practical but maybe
> better than the alternative (same password for all accounts, or a
> sheet of paper with all passwords).

I do precisely the same thing, and so does Scott, and so does Mauro.

This is not a "bad solution". To wit, note that Bruce Schneier, God
Almighty of All Things Crypto and/or Security-Related, [1] himself
advocates using a password safe tool, [2] which he originally wrote
and is now maintained by others (on SourceForge).

This is the same solution as using GPG. His tool, having a GUI, is
targetted more at Windows users, I think.

By the by, if you have *any* interest in security, computer or
otherwise, read Bruce's blog. And read a few of his books, [3] as
well. I can vouch for both "Secrets and Lies" [4] and "Beyond Fear";
[5] the former is as good a primer on computer *systems* security as
exists, and the latter looks at the Big Picture, in the post-911
world. Civil libertarians everywhere will rejoice to know that Bruce
thinks that basically everything the US has done after 911 has made
little sense, security-wise. He thinks the invasive airport security
is actually making us *less* secure, not more.

Cheers,
Josh

[1] http://www.schneier.com/blog/
[2] http://www.schneier.com/passsafe.html
[3] http://www.schneier.com/books.html
[4] http://www.amazon.com/exec/obidos/ASIN/0471253111/counterpane/
[5] http://www.amazon.com/exec/obidos/ASIN/0387026207/counterpane/