The actual content is a lot more thorough:
Well, this is why my mother has three hundred maiden names, each pseudorandomly selected from a set with at least 56 bits of entropy. I keep them in my KeePass file encrypted in AES-256, which is secured with a seven word Diceware password.
Granted, I haven’t managed to get my wife to do likewise.
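A worked version of the scheme in that post (pseudorandom fake answers at a chosen entropy bound, Diceware-style passphrases), added here as an example and not code from any poster; the letters-and-digits alphabet, the 56-bit target and the short sample word list are assumptions:

```python
import math
import secrets
import string

# Alphabet for made-up answers to "security questions" (letters and digits).
ANSWER_ALPHABET = string.ascii_letters + string.digits

# A real Diceware list has 6**5 = 7776 words; this short list is constructed
# for the example and only changes the per-word entropy, not the method.
SAMPLE_WORDLIST = ["apple", "bolt", "cider", "dune", "ember", "flint", "grove", "husk"]


def entropy_bits(picks: int, alphabet_size: int) -> float:
    """Entropy in bits of `picks` independent uniform draws from `alphabet_size` symbols."""
    return picks * math.log2(alphabet_size)


def min_picks_for(target_bits: float, alphabet_size: int) -> int:
    """Smallest number of uniform draws whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def random_answer(target_bits: float = 56.0, alphabet: str = ANSWER_ALPHABET) -> str:
    """One fake answer (a 'maiden name') with at least target_bits of entropy.

    `secrets` draws from the OS CSPRNG; the `random` module is not suitable here."""
    n = min_picks_for(target_bits, len(alphabet))
    return "".join(secrets.choice(alphabet) for _ in range(n))


def unique_answers(count: int, target_bits: float = 56.0) -> list[str]:
    """`count` distinct answers, one per site, to be kept in a password manager."""
    seen: set[str] = set()
    while len(seen) < count:
        seen.add(random_answer(target_bits))
    return sorted(seen)


def diceware_passphrase(words: int, wordlist: list[str] = SAMPLE_WORDLIST) -> tuple[str, float]:
    """A passphrase of `words` randomly picked words and its entropy in bits."""
    phrase = " ".join(secrets.choice(wordlist) for _ in range(words))
    return phrase, entropy_bits(words, len(wordlist))


if __name__ == "__main__":
    print(random_answer())                    # 10 chars over 62 symbols -> ~59.5 bits
    print(len(unique_answers(300)))           # 300
    print(diceware_passphrase(7))             # 21.0 bits with the 8-word sample list
    print(round(entropy_bits(7, 6 ** 5), 1))  # 90.5 bits for 7 words from a real list
```

Swap SAMPLE_WORDLIST for the full 7776-word list and the same function gives the seven-word passphrase the post describes.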
Well, this is why my mother has three hundred maiden names
They mean in relation to the secret question “What is your mother’s maiden name?”, they have made up and stored 300+ unique responses. Because using the actual one is asking for trouble.
No, I get that. Should have quoted the other part of the post. Who the hell is actually that meticulous about security?
Me, I just type random shit in those security questions, effectively disabling them. The only exception is my bank, because I get asked those questions after I type my password, if I’m coming from a different IP. Since I consider my card number and password the actual security, I don’t mind having these “insecurity” questions in this case.
I am also that meticulous except it feels more like common sense. If you’re using a tool like LastPass, KeePass or 1Password there is no reason not to do it or even just store the random gibberish you typed in.
I don’t know which bank you’re with but I would check what security procedures they go through after you claim to have forgotten your password, because a lot of them will fall back on those questions. By doing it your way a person is relying on the bank not to do something stupid a hell of a lot more than the other way. So many criminals rely on social engineering over the phone to get what they want.
Aw, crap, you’re right, stupid bank does ask those insecurity questions in case of lost password. Damn, I don’t know what to do now. I don’t want to go through the hassle of setting up a keychain of passwords. So you see, there is a reason to not do it, the same reason everyone else has: too damn inconvenient.
Oh well. I too like to live dangerously, I guess.
With you there seriously: it is an inconvenience. However, it’s nowhere near as big an inconvenience as I thought it’d be before I started using LastPass. If you’re on Chrome it is almost seamless, even on mobile with iOS & Android.
Anything that is not hosted by me or has no source code is out of the question. From your recommendations, that just leaves KeePass. But then I would have to build it myself, since there appears to be no Debian package.
All valid worries. KeePass on Linux was always just a port of KeePass for Windows. Take a look at another project which looks almost identical but is properly cross-platform: GNU licensed KeePassX. [debian, src].
Okay, thanks, this is pretty convenient. I’ll start using this, and I’ll recommend it to others. My fiancée would probably benefit from this too.