Frabjous Times


Halt, who goes there?

Authentication security is something I take more seriously than some people. I use a different non-dictionary password each time I'm required to make one up, using a diceware random generator. That's the easy part. The tricky part is making sure that I have access to my cache of unguessable strong passwords when I need it.
  1. I keep records of each on my palmtop, encrypted with Keyring and a passphrase I never write down.
  2. As backup #1, I also have text files on my PC using gpg for encryption. Again, the passphrase is in my skull only.
  3. For my second backup, I have these text files on physical media in a secure location. This is in case I lose all my main passphrases.

I keep a slush pile of pregenerated diceware passphrases in case I am presented with another unanticipated need for a new one. I never reuse a passphrase for anything important or easily accessed by others.

All this effort mainly to safeguard some online transactions and a couple of email accounts. But I would feel too vulnerable with much less elaborate measures. To be honest, I don't know who the "bad guys" are that I'm guarding against, but it feels better to have something like this in case they're real.

Originally published: 2003/06/04 22:23:23