Pin number strength
[deleted]
de0u do you recommend a 6 digit PIN or long password?
I currently have mine set with a 6 digit pass and the randomised keyboard
[deleted] do you recommend a 6 digit PIN or long password?
A long password is more secure given certain assumptions, but also less convenient. Which makes more sense depends on one's threat model.
[deleted]
de0u couldn't I just have put more sensitive data in a secondary profile with a long password? I figured I could put the long password in my password manager that is in my first profile?
thank you!
[deleted]
Unfortunately you cannot access the secondary profile with your password manager from first profile.
That's the reason why I have changed from using the great local working KeePassDX app to the great online working Bitwarden password vault.
Because after every change of any password I had to export my password database from one place/profile/device to every other place/device/profile.
If I would at some point forget to export/copy/update a password, I could lock out myself forever.
[deleted]
Eagle_Owl okay so if my password manager is in the owner profile then I can copy and paste the extra long password from my vault to open the secondary profile?
PaulDavis I also am more than happy with a 6 digit pin.
As @de0u posts, it's all about your threat level.
And the level of competence of your aggressor.
But, randomised keyboard? That's Spy vs Spy stuff.
They would have to watch you entering your pin, probably on multiple occasions, and then have access to your phone.
I'll take the risk that a 1 in a million chance won't befall me.
[deleted]
No!
While you are in owner profile, you have no access to the login window for the secondary profile.
For security reasons, I let Bitwarden delete a cached password after 10 seconds.
– But even if I were to set this time to 10 minutes in order to first copy the extra long password from the password manager of the owner profile without stress and then switch to the second profile in order to paste it there – this does not work because the cache is deleted when switching to the second profile.
– Or perhaps to put it in more understandable and technically correct terms:
The cache of one profile is never available for another profile.
[deleted]
Eagle_Owl oh I see! Well, shoot.
[deleted]
Eagle_Owl do you have a suggestion on how to use longer passwords? Or should I stick with the PIN?
[deleted]
See my favourite comic strip for this topic:
https://xkcd.com/936/
I don't use a PIN – I don't want to rely solely on the secure element in the phone.
Because you need one really strong password for your computer/smartphone and another one as master password for your password manager, which you as human can memorise and handle:
Select the second method of this great comic, maybe better with seven words instead of four.
Write it down on paper (!), keep it in a safe place!
And use it constantly, several times a day at first, to really memorise it.
The following method helps you to memorise it as quickly as possible:
- Be sure to write it down (on paper!) and put it in a really safe place (for emergencies).
- On your PC/laptop, replace your previous password with your new passphrase of four to seven words (paper with new passphrase really created and secured?)
- Set the time for locking the screen from 30 minutes (?) or longer to max. 15 minutes!
This means you often get the login screen and have to keep entering the new password phrase.
Annoying, yes, but you'll quickly memorise your passphrase!
It's like in the old days when there were no smartphones/redialling and you had to type a phone number a lot if you didn't get someone on the phone straight away.
You quickly memorised even complex phone numbers without wanting to. :-)
[deleted]
Eagle_Owl thank you for the tips! Is 4 words okay or does it have to be 7?
I just use a 12-character password and my fingerprint.
Is that dumb?
The best solution I have for this is what I do.
I use a yubikey.
The yubikey can act like a keyboard.
So I type in a shortish password, then press the yubikey, and this then automatically types characters as a keyboard,
taking my password up to 64 characters.
[deleted]
L8437 how do you do that??
[deleted] so the yubikey has different features.
There is an option for "short press" and "long press" of the button.
You can type in your own diceware password in the yubikey "long press" option. (That way if you lose it, you can manually type it in yourself.)
Then when you plug it into the phone or computer, you press the button and hold for a second, and it then rapidly types whatever you have set.
So what you do is...
When you set your phone password, you decide to manually type a short easy one, followed by pressing the yubikey. Because the yubikey acts like an external keyboard, this means you can have a much longer password without the inconvenience of having to type it in manually.
This means the yubikey on its own only provides part of the password, so you can't gain access to your phone with JUST the yubikey, as you would need to type in your manual password beforehand.
Does this make sense?
[deleted]
L8437 it absolutely does! I have yubikeys and have never tried this. How do I get to those options?
[deleted]
L8437 NVM figured it out!
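
Added example, not part of any post in this thread: a comparison of the secrets discussed above (6-digit PIN, 12-character password, 4- and 7-word passphrase) when guessing is throttled by the secure element versus when that throttling is not available to rely on. Both guess rates are illustrative assumptions, and every secret is assumed to be chosen uniformly at random.

```python
import math

# Assumed attacker guess rates (illustrative, not measured on any device):
THROTTLED = 1 / 30      # secure element enforcing a delay between attempts
OFFLINE = 1_000_000     # throttling bypassed, guessing against extracted data

# name: (alphabet size, length); each secret assumed uniformly random
SECRETS = {
    "6-digit PIN": (10, 6),
    "12-char password": (94, 12),    # 94 printable ASCII characters
    "4-word passphrase": (7776, 4),  # 7776 = standard diceware list size
    "7-word passphrase": (7776, 7),
}

def bits(alphabet, length):
    """Entropy in bits of `length` symbols drawn uniformly from `alphabet`."""
    return length * math.log2(alphabet)

def avg_seconds(alphabet, length, rate):
    """Expected time to guess: half the keyspace at `rate` guesses/second."""
    return alphabet ** length / 2 / rate

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.3g} {unit}"
    return f"{seconds:.3g} seconds"

def report():
    """One row per secret: (name, bits, throttled time, offline time)."""
    return [(name, round(bits(a, n), 1),
             humanize(avg_seconds(a, n, THROTTLED)),
             humanize(avg_seconds(a, n, OFFLINE)))
            for name, (a, n) in SECRETS.items()]

if __name__ == "__main__":
    for name, b, slow, fast in report():
        print(f"{name:18} {b:5.1f} bits  throttled: {slow:>15}  offline: {fast}")
```

Under these assumptions the PIN's resistance comes entirely from the throttling, while the passphrases keep their margin without it. A password or passphrase a person picks rather than generates has less entropy than these figures.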