-
Notifications
You must be signed in to change notification settings - Fork 72
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Master password generation strategy #16
Comments
You're a man after my own heart @patcon. I have this other idea I am fleshing out which is an educational game for under 5s which teaches them first principles in mathematics and cryptographic primitives such that once they learn no adult will ever be able to lie to them again because they will have the knowledge and the tools to verify it for themselves. To end gerontocracy once and for all, no incumbent empire, no victor will ever be able to stifle what wants to emerge. And this freedom begins with security, so yes absolutely we should come up with some educational resources for organisers to collaborate and share ideas about opsec. People have to feel like they're being let in on important information that most other people ignore because they're apathetic, but because they were smart enough to be here at this meetup they are going to get information that will set them apart. Keep these thoughts coming. |
Chris, I didn't think I could love you any more... But this is the coup de grace. xo, Will On Oct 31, 2014, at 8:41 PM, MrChrisJ [email protected] wrote:
|
@MrChrisJ Ack. I forgot to say so, but I really appreciate your sharing that aspiration! It's definitely been on my mind since. I've brought up the idea of teaching kids digital security with a few layperson friends. It's telling that they didn't find the idea completely crazy :) With all the data breaches lately, I think people are starting to get the sense of just how bad at this we are, collectively. |
Given that we've got a bunch of eager folks in a room for one of these events, perhaps it might also be a good opportunity to riff on password schemes for a digital future.
I've been pondering how we should think about passwords moving forward. I've been thinking about this process as it relates to children, but it's not necessarily that different for anyone new to these considerations :) I'm inclined to hope that in the future, we treat master password creation a little bit like a rite of passage. Kinda like sex ed, in schools :)
So as children become adults, we give them a crash course on how to think about their security in a digital future. We load them up with brief overviews, then at the end, we teach them strategies for how to generate their master password -- the password that they use to lock up their master PGP key representing their official identity, and perhaps used to generate the bitcoin brainwallet for their lifesavings. We teach them never to type it on a computer they don't trust (keyloggers), and never to type it on an online computer (Tails OS == offline?), and never to type it while any sensors, human or digital, might sweep it up (ie. not in a restaurant with CCTV cameras). My personal favourite strategy is to generate a random, many-word passphrase (20 words?) and to take some time to doodle an epic doodle that captures every word in the passphrase. Then I recreate it a few times, ensuring that, if my muscle memory on my password ever fails me, I can go back to this imagined doodle. I can ever save a copy of the doodle (perhaps with extra doodle noise) in a safe place, and know that even if found, it will likely be impossible to decrypt.
Anyhow, sorry if this seems a bit out in left field. I was excited thinking that perhaps you guys would share in my enthusiasm for ironing out this sort of stuff, since you're talking about perhaps generating files and assets that will represent our future personhood :)
The text was updated successfully, but these errors were encountered: