Maximum password length on a Linux system and Password generation

[Jason]

I might be the only one (I hope not) but I found the top answer to this question about how long Linux passwords can be fascinating to read:

https://superuser.com/questions/148971/what-is-the-max-length-of-password-on-unix-linux-system

Been reading up on Diceware and suddenly had this question myself. I've always used relatively short password Linux passwords and then I wondered how much longer they could be. I usually use this site for generating complex but easy-to-remember passwords for Linux logins. But now I'm tending towards Diceware for better randomness.

How do you come up with your passwords, without giving them away obviously?

[fox]

I don't use random password generation, but the newer passwords I use have longer word, letter and number combos that make sense to me. I store the ones I don't always remember in a note application. More importantly, I try not to use my computer for things that could cause me trouble if it's compromised, like on-line banking. I know that this makes me a rare bird.

[Jason]

Thanks for sharing.

So you do all your banking in person? Like paying bills, etc? Did you have to tell your bank specifically not to set you up with an online account? I do online banking but I have a super long password for it - the entire alphabet will fit inside it - 174 bits of entropy which is considered a vast overkill. But I don't have to remember it or type it in. That's what my password manager is for and its master password has a similar level of entropy.

Personally, I'd never store my passwords in a note application on my computer unless it was encrypted with a strong password but maybe you do that already. They have password managers you can install that do this like Keepass (cross-platform) locally or online like LastPass which I use and they encrypt the database for you.

You might still find the link on Diceware interesting, particularly their FAQ. Even if you don't use the method, there is a lot there about passwords and what makes them secure, which isn't what most people think. And diceware passwords are strong, random but easier to remember than ones like Af^865;!' which is actually an example of a very weak password (and harder to remember) whereas celtic4after- is a much stronger password and easy to remember. The reason for using random passwords is if you're using words that mean something to you (instead of completely random), somebody else might be able to figure them out.

[bobf]

I have a couple of quick-'n'-dirty ones I use on knock-off accounts, but for the rest of my stuff I sit with a comprehensive set of characters in a spreadsheet and pick them out randomly, then use the hand-generated key in only one place. It makes for headaches keeping them in my head, but compromising one (good luck) threatens no others...

[Jason]

Of course, no discussion of passwords would be complete without xkcd's contribution which really sums up how you can have better passwords and have them be easier to remember.