Instead of *warden, just use the tried and trusted KeePass, no need to run your own server. KeePassXC is a nice open-source alternative client, and KeePassDX is its Android equivalent. You can keep your password file in sync with other devices by using your favorite cloud backup or sync tool. The best part is, KeePass supports auto-type, which *warden and other cloud-based password managers don’t. Auto-type is handy when you want to input your password into a program that’s not a web page, or you’re accessing something via remote desktop etc.
A passphrase is much longer than a password, and therefore provides more entropy, even when it’s completely mnemonic.
You should store it in an encrypted database with a password manager. But you also have to secure this database - with either a password or passphrase. And do not forget about a 2nd factor, like a key which you have to store somewhere. Maybe encrypt that one, too.
No matter how many steps of security you have: There will be a master password/passphrase, and you shouldn’t write it down in clear text! So better find a way (some kind of secret algorithm, stored in your brain) to reproduce your master pass.
The security of a fully random password depends on the number of available symbols (alphabet) and the length.
The strength of the password is simply symbolcount^length.
For a conventional password the symbols/alphabet are characters, numbers and special characters.
For a mnemonic the symbols are simply full words and the “alphabet” is a list with a couple thousand words.
Mnemonic passwords are secure because of their large alphabet, and easy to remember because of the lower length (in symbols) and because human brains are good at coming up with associations (usually stories) for random words.
If you want to generate your own mnemonic password you can try diceware.
With diceware you roll a few dice to select random words from a list.
In the crypto world, it is a bit different. The words are chosen out of a pre-set dictionary of 2048 words, making each word the equivalent of an 11-bit number. Your 24-word mnemonic is actually an encoding of a 256-bit number, with some checksum bits at the end.
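The two calculations from the comments above, as an added example (not code from any commenter): the symbolcount^length formula expressed in bits, and the 2048-word mnemonic layout. It assumes the 2048-word scheme is BIP39, whose checksum is the first ENT/32 bits of SHA-256 over the entropy; the 94-symbol and 7776-word sizes are the usual printable-ASCII and five-dice diceware figures, and all function names are made up here. It returns word indices rather than words because no wordlist is embedded.

```python
import hashlib
import math

def entropy_bits(symbolcount: int, length: int) -> float:
    """log2(symbolcount ** length): the thread's strength formula, in bits."""
    return length * math.log2(symbolcount)

def symbols_needed(symbolcount: int, target_bits: float) -> int:
    """Smallest length of uniformly random symbols that reaches target_bits."""
    return math.ceil(target_bits / math.log2(symbolcount))

def mnemonic_indices(entropy: bytes) -> list[int]:
    """Map entropy to 11-bit word indices (assumed BIP39 layout).

    The checksum is the first len(entropy)*8/32 bits of SHA-256(entropy),
    appended after the entropy before splitting into 11-bit groups.
    """
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 16, 20, 24, 28 or 32 bytes")
    cs_bits = ent_bits // 32  # at most 8, so the first digest byte is enough
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    combined = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11
    return [(combined >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def checksum_ok(indices: list[int]) -> bool:
    """Recompute the checksum from the entropy part and compare."""
    total_bits = len(indices) * 11
    cs_bits = total_bits // 33
    combined = 0
    for idx in indices:
        combined = (combined << 11) | idx
    entropy = (combined >> cs_bits).to_bytes((total_bits - cs_bits) // 8, "big")
    return mnemonic_indices(entropy) == indices

if __name__ == "__main__":
    print(f"12 chars from 94 symbols:      {entropy_bits(94, 12):.1f} bits")
    print(f"6 words from a 7776-word list: {entropy_bits(7776, 6):.1f} bits")
    print(f"24 words from 2048:            {entropy_bits(2048, 24):.0f} bits")
    sample = bytes(32)  # constructed all-zero entropy, never a real seed
    idx = mnemonic_indices(sample)
    print(len(idx), "indices, last =", idx[-1], "checksum ok:", checksum_ok(idx))
```

The 24 words carry 264 bits in total, of which 256 are entropy and 8 are checksum, so a mistyped word is usually caught by `checksum_ok` rather than silently producing a different secret.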
I tend to add them to my password manager, which funnily enough also has a recovery phrase which I just keep written down somewhere safe.
xkcd comic regarding your question of pass phrases vs passwords.
I generate mine with xkpasswd.net
Lemmy has superscripts. symbolcount^length^ produces symbolcountˡᵉⁿᵍᵗʰ
Doesn’t show in vger.app