zishu's blog

A blogger who loves life. https://zishu.me

Some thoughts about passwords

During my subway ride today, I suddenly thought about what a secure, stable, and easy-to-remember password should look like. Should it include uppercase and lowercase letters, numbers, and special characters?

How to Set and Store?

I think this is necessary, but if the password is too complex, it becomes difficult to remember. And in order to remember it, there must be a pattern, but once there is a pattern, others will have more ideas when trying to crack it, which reduces security to some extent.

No matter how you think about it, these two aspects are conflicting, and it is difficult to reconcile them.

Then I discussed the issue of passwords with my friends, and they also have their own unique methods, which gave me a lot of new ideas. For example, remembering a formula, the nth digit of pi, pinyin + numbers, etc. This way, you can both remember the password and keep it sufficiently obscure. Without knowing its position index, you cannot find the corresponding password character, which greatly enhances security compared to a universal set of passwords.

Some friends also mentioned that they use password management software such as 1Password, Bitwarden, KeePass, etc., which can generate various highly complex password strings through algorithms. However, during the discussion, they expressed concerns about password management software. If the software is cracked or held for ransom, or if the master password is lost, then all passwords will be lost as well. Although this possibility is rare, such incidents have occurred in the past.

Moreover, large software companies have more users, so once they encounter problems, the impact is greater, and users can only hope that the vendors have sufficient defensive capabilities. All passwords are backed up in the cloud, which is a fatal flaw in itself. If the cloud data is breached, the consequences would be unimaginable.
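
An added example, not code from the original post: it puts numbers on the trade-off discussed above by comparing the entropy of a password read from the digits of pi at a memorised index with that of a password produced by a generator, as a password manager would. The function names, the 10,000-digit search limit and the 94-symbol alphabet are assumptions chosen for illustration.

```python
import math
import secrets
import string

def pi_decimals(n):
    """First n decimals of pi (after "3."), Machin's formula in integer arithmetic."""
    scale = 10 ** (n + 10)  # 10 guard digits absorb truncation error

    def arctan_inv(x):  # arctan(1/x) * scale as an alternating series
        total = term = scale // x
        k, sign = 3, -1
        while term:
            term //= x * x
            total += sign * (term // k)
            k, sign = k + 2, -sign
        return total

    pi_scaled = 16 * arctan_inv(5) - 4 * arctan_inv(239)
    return str(pi_scaled // 10 ** 10)[1:]  # drop the leading "3"

def password_from_pi(index, length, digits):
    """The scheme from the post: the digits that start at a memorised index."""
    return digits[index:index + length]

def pi_scheme_bits(search_limit, length):
    """Entropy when the scheme is known and only the start index is secret."""
    return math.log2(search_limit - length + 1)

def random_bits(length, alphabet_size):
    """Entropy of a password whose characters are drawn uniformly at random."""
    return length * math.log2(alphabet_size)

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

def generate(length=20):
    """Password-manager style generation from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

if __name__ == "__main__":
    digits = pi_decimals(10_000)  # assumed limit on how deep an index is memorised
    print("pi-derived example:", password_from_pi(10, 8, digits))
    print(f"index-only secret:  {pi_scheme_bits(10_000, 8):6.1f} bits")
    print(f"8 random digits:    {random_bits(8, 10):6.1f} bits")
    print(f"20 random symbols:  {random_bits(20, len(ALPHABET)):6.1f} bits")
    print("generated example: ", generate())
```

The strength of the pi-derived password comes from the secrecy of the index alone, so it grows only with the logarithm of how far into the digits the index may lie, while each random character adds its full share of entropy.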

Additional Thoughts

Due to personal habits, I find it difficult to fully trust various cloud services. Perhaps it's a form of paranoia, but I always feel uneasy about putting all my data in the cloud. So I usually make three backups: one must be kept locally on a hard drive, one is stored on a server, and then I make additional backups of less important data in an OSS bucket. The cost is not high, but it requires continuous maintenance of this data. For me, it's relatively easy, and I enjoy doing it.
