Terr_ 5 days ago

> Why would you want to memorise a password?

You'll definitely want to memorize the password to the backup service that has the last copy of your password vault after a disaster. :P

> Writing your passwords down on paper is actually less crazy than it sounds

I agree that physical security can be incredibly useful against a lot of modern threats... but we can do better. I wish there was a dedicated password-keeper device format of:

* A small keyboard and screen
* The data encrypted at rest by one master password
* Only permits upload/download of the encrypted file over USB. With some companion software, you just plug it into your computer, the computer copies the encrypted file to somewhere on disk that gets regularly backed up, then disconnects and beeps to tell you it's done.
* Sturdy enough that any "Evil Maid" attack needs to be done by a professional rather than a conniving roommate or jilted partner.
* Tracks history of entries, last-changed, etc.
eru 5 days ago

> You'll definitely want to memorize the password to the backup service that has the last copy of your password vault after a disaster. :P

Why? Write it down. Perhaps leave multiple paper copies around with some trusted people, like your lawyer and a safe deposit box at your bank.

Your proposed device seems a bit complicated. You can get pretty far with a piece of paper and this protocol:

Construct your password from two parts. (1) random gibberish you write down on paper, (2) a 'correct horse battery staple'-style part that you memorise.

Btw, have you looked into Yubikeys? They are better than password storage, because they can store your private keys and do signing with them. The key never leaves the device. (They can also store passwords, I think.)
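The two-part scheme from the comment above, as an added example that is not part of the thread: it builds a paper part and a memorised part and estimates how much guessing work remains if either half is exposed. The function names, the 12-character paper part, the small constructed word list and the 7776-word list size used for the estimate are assumptions made here.

```python
import math
import secrets
import string

# Constructed sample list for illustration; a real passphrase list is far larger
# (diceware-style lists have 7776 words).
WORDS = ["correct", "horse", "battery", "staple", "anchor", "velvet", "museum",
         "lantern", "orbit", "pickle", "granite", "whistle", "copper", "meadow",
         "tunnel", "falcon"]
PAPER_ALPHABET = string.ascii_letters + string.digits  # 62 symbols


def paper_part(length=12):
    """Part (1): random gibberish, generated with a CSPRNG and written on paper."""
    return "".join(secrets.choice(PAPER_ALPHABET) for _ in range(length))


def memorised_part(n_words=4, words=WORDS):
    """Part (2): random words from a list, kept only in your head."""
    return " ".join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(choices, count):
    """Bits of entropy for `count` independent uniform picks from `choices` options."""
    return count * math.log2(choices)


def remaining_entropy(paper_len=12, n_words=4, wordlist_size=7776):
    """Guessing work left for an attacker in each exposure scenario, in bits."""
    paper = entropy_bits(len(PAPER_ALPHABET), paper_len)
    memo = entropy_bits(wordlist_size, n_words)
    return {
        "nothing_exposed": paper + memo,
        "paper_found": memo,          # paper copy read by someone else
        "passphrase_observed": paper, # memorised half shoulder-surfed or guessed
    }


def full_password(paper, memorised):
    """Concatenate both halves; the separator is fixed and adds no secrecy."""
    return paper + "/" + memorised


if __name__ == "__main__":
    print(full_password(paper_part(), memorised_part()))
    for scenario, bits in remaining_entropy().items():
        print(f"{scenario}: {bits:.1f} bits")
```

With these assumed sizes, a found paper copy still leaves about 52 bits to guess, which only holds if the memorised words were chosen randomly rather than picked by the user.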