<html><head><meta http-equiv="content-type" content="text/html; charset=us-ascii"></head><body style="overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">I put my passwords on my paper rolodex.<div>It has never been hacked.</div><div><br><div>
<div dir="auto" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">Alan Millner</div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">amillner@alum.mit.edu</div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">781-862-7893</div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">48 North St., Lexington MA 02420</div></div></div><br><br class="Apple-interchange-newline">
</div>
<div><br><div>On Dec 29, 2022, at 3:55 PM, Jon Dreyer <jon@jondreyer.org> wrote:</div><br class="Apple-interchange-newline"><div>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<div><p>My approach is a bit more work, but it makes me feel safe despite
how theoretically easy it would be to break it.</p><p>I have a text file in an unlinked, and trivially password
protected, Web page. That file looks like a list of my passwords,
but it isn't quite. Each password in the file is a randomly
generated string, but what the attacker (except for you all)
doesn't know is that the actual passwords are those random strings
but with my own personal tweak. When I log in to, say, my bank
account, I copy/paste the string from the file into the password
field and then tweak it.<br>
</p><p>So the only way I'm screwed is if they find this file and figure
out my ttweak (and there's no clue that one is needed except that
the passwords don't work). Cryptographically unsafe, but it feels
pragmatically pretty safe to me, since you can break into millions
of accounts if you hack lastpass, but you can only get my accounts
if you hack this.<br>
</p><p>Somebody who doesn't have their own Web site could do this with
something like a google doc or google sheet.<br>
</p><p>And I also use 2FA for important sites as well.<br>
</p>
<div class="moz-signature">-- <br><p style="font-family: Times, serif">
Jon "I Don't Have To Outrun The Bear; I Just Have To Outrun You"
Dreyer<br>
<a href="http://www.passionatelycurious.com/">Math Tutor/Computer
Science Tutor</a><br>
<a href="http://music.jondreyer.com/">Jon Dreyer Music</a>
</p>
</div>
</div>
===============================================<br>::The Lexington Computer and Technology Group Mailing List::<br>Reply goes to sender only; Reply All to send to list.<br>Send to the list: LCTG@lists.toku.us Message archives: http://lists.toku.us/pipermail/lctg-toku.us/<br>To subscribe: email lctg-subscribe@toku.us To unsubscribe: email lctg-unsubscribe@toku.us<br>Future and Past meeting information: http://LCTG.toku.us<br>List information: http://lists.toku.us/listinfo.cgi/lctg-toku.us<br>This message was sent to armillner48@gmail.com.<br>Set your list options: http://lists.toku.us/options.cgi/lctg-toku.us/armillner48@gmail.com<br></div></div><br></div></body></html>