Master Password(s)

In reading some of your blog posts about creating strong passwords, I noticed something about having different master passwords for the desktop and iOS apps. Is this true, or was this possible in the past before syncing through dropbox? If so, how can I set that up?

Also, regarding the security of strong master passwords, how secure are passwords that would contain words or names spelled backwards? I've used this technique for my email address and have thought it to be a good solution; it appears very gibberish, but I can easily remember it/figure it out and after some practice, it's not hard to type.

Thanks!

Comments

  • thightowerthightower T-Dog Agile's Mascot Community Moderator
    edited March 2013

    Hey littleluce

    Separate Master Passwords were possible in 1Password 3 for iOS. 1Password 4 for iOS uses the same Master Password.

    As to the security of passwords the staff will need to comment on that

  • khadkhad Social Choreographer

    Team Member
    edited March 2013

    Also, regarding the security of strong master passwords, how secure are passwords that would contain words or names spelled backwards?

    From our Toward Better Master Passwords post:

    The schemes we come up with can be coded into password cracking systems. A good master password is not just limited by what a human can remember, but it is also limited by what a human can create. We can get digits and punctuation into passwords easily enough, but our selection methods involve a lot of predictability. Human behavior is more predictable than we like to imagine. That predictability can be exploited in password guessing programs.

    Every "clever" trick (such as spelling words backwards) is already known to the crackers:

    Passwords such as "mustacheehcatsum" (that's "mustache" spelled forward and then backward) may give the appearance of strong security, but they're easily cracked by isolating their patterns, then writing rules that augment the words contained in the RockYou dump and similar lists. For Redman to crack "Sup3rThinkers", he employed rules that directed his software to try not just "super" but also "Super", "sup3r", "Sup3r", "super!!!" and similar modifications. It then tried each of those words in combination with "thinkers", "Thinkers", "think3rs", and "Think3rs".

    I encourage you to read the entire Toward Better Master Passwords post. We recommend Diceware as a Master Password creation system since it is truly random but still memorable.

This discussion has been closed.