Yesterday, there was an announcement that hashes of Gawker Media's account passwords had been compromised and published on the internet. I had never heard of Gawker Media.
1. I am going to use even stronger passphrases for each of my primary accounts.
2. I am going to always use different passphrases for each of those primary accounts.
3. I am going to memorize each of those passphrases from (1) and (2).
4. For all secondary accounts, I am going to use unique, randomly generated passphrases, perhaps created like this:
   `apg -a 1 -m 15 -M SNCL -n 1 -c /dev/urandom`
5. I am not going to memorize any passphrases for secondary accounts. Rather, I will entrust my browser to save those passwords (which are stored in my encrypted home directory). I will use a password reset function any time I lose or forget or clear that database.
6. I will maintain ~/.passwords.gpg -- an encrypted text file with all of my accounts and passwords, and use the gnupg.vim plugin to securely edit the file.
- Primary accounts - the few things that I need or else I'm unable to get work done, or access other critical data (e.g. Gmail, Launchpad/Ubuntu SSO, ssh, gpg, eCryptfs)
- Secondary accounts - everything else that has a password reset function and can be securely and locally cached in a browser's (or other application's) saved password database (e.g. Facebook, LinkedIn, Twitter, my banks, et al.)
- Minimize the number of passphrases I have to remember.
- Strengthen and diversify the passphrases to my few primary accounts.
- Eliminate the possibility of any passphrase being cracked by brute force.
- Consolidate the risk of any one passphrase being stolen to that account alone.
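As an added example (not code from the original post), the following Python script mirrors what `apg -a 1 -m 15 -M SNCL -c /dev/urandom` does for the secondary-account passphrases: it draws 15 characters from the OS CSPRNG, insists on at least one symbol, number, capital and lower-case letter, and estimates the brute-force search space that the "no brute force" goal depends on. The symbol set (ASCII punctuation) and the guess rate in `years_to_brute_force` are assumptions, not figures from the post or from apg.

```python
import math
import secrets
import string

# Character classes standing in for apg's -M S N C L flags.
# Assumption: "symbols" means the 32 ASCII punctuation characters.
CLASSES = {
    "S": string.punctuation,
    "N": string.digits,
    "C": string.ascii_uppercase,
    "L": string.ascii_lowercase,
}

def has_required_classes(pw, required="SNCL"):
    """True if pw contains at least one character from every class."""
    return all(any(ch in CLASSES[c] for ch in pw) for c in required)

def generate_passphrase(length=15, required="SNCL"):
    """Draw `length` characters from the union of the requested classes
    using the OS CSPRNG (secrets reads /dev/urandom on Linux), rejecting
    any candidate that is missing a class, as apg's upper-case -M flags do."""
    if length < len(required):
        raise ValueError("length too short to contain every required class")
    alphabet = "".join(CLASSES[c] for c in required)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if has_required_classes(candidate, required):
            return candidate

def entropy_bits(length=15, required="SNCL"):
    """log2 of the search space for an attacker who knows the alphabet and
    length. The class check above rejects only a tiny fraction of
    candidates, so this is a close upper bound on the real entropy."""
    alphabet_size = sum(len(CLASSES[c]) for c in required)
    return length * math.log2(alphabet_size)

def years_to_brute_force(bits, guesses_per_second=1e12):
    """Expected years to search half the space at a constructed guess rate;
    real rates depend on the hash the site used to store the password."""
    seconds = 2 ** (bits - 1) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)

if __name__ == "__main__":
    pw = generate_passphrase()
    print(pw, has_required_classes(pw))
    print("15-char SNCL:", round(entropy_bits(), 1), "bits,",
          f"{years_to_brute_force(entropy_bits()):.2e} years")
    print("8-char lower:", round(entropy_bits(8, "L"), 1), "bits,",
          f"{years_to_brute_force(entropy_bits(8, 'L')):.2e} years")
```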