View comment

OpSec tip of the week - Passwords

by /u/Shakybeats · 0 votes · 22nd August, 2023 21:15

This weeks suggestion came from /u/MommaBear who is also helping out with these posts. Remember if you have a suggestion or want to write a post we might sticky it for the week!


The last two weeks we talked about tools (pgp /post/820d0049072ee4e237f8 ) and Operating systems ( /post/456bcc9260532a7fe836 )

This week we will discuss one thing that might be even more important than the tools you use. Your Passwords! Most of the tools we use are only as strong as your weakest link. You can use the strongest encryption known to man, but if you have a weak password, it could be linked to you, or it might as well be useless.

I wrote a post about this a long time ago so I am going to borrow heavily from that post, but also expand on it.

First lets start with the do nots.

You should never be using the same passwords across multiple markets, or services. If a market staff member were to go rogue, or LE were to take over a market they could use your password to access other markets/services.

Never Make your password something close to you. If you are using your family members names/birthdates it can all be linked to you.

Never No matter how strong your encryption is you should never make your password something simple for a machine to guess, or crack.

but Shaky! I don't have to worry about that, my password is 10 characters long! I even put upper case/lowercase and numbers!
Aside from that being a pain in the ass to remember it's also still pretty easy to break!

But then what do I do? How do I keep my passwords safe? You want to use mnemonic passwords!

Mnemonic Passwords


What is a mnemonic password? A mnemonic password is a series on random words that are tough for a computer to crack but easy for you to remember. For example take the first 5 words of your favorite movies.

This picture⚠️ that /u/thotbot made sure was included in the DNM bible will really give you an illustration of how all this works.

Once you are using mnemonic passwords, you really only need to remember two of them. One for your system encryption, and one to unlock your password manager (keepass) You can use software like keepass to generate long random passwords that you will never need to remember! It will do all of the work for you.

User: /u/asfaleia

This is a Bad Practice actually. The encryption needs to have enough entropy. The mnemonic phrase should be as random as possible. For the best entropy use dices on the list of words. "Never Make your password something close to you" "take the first 5 words of your favorite movies." This contradicts each other. You wana change that advice for the real world security please.