I recently tried out a decentralized private messaging tool; it didn’t ask for my personal information to register.

Instead, it only asked me to create a username and set a password, after which it provided me with a mnemonic passcode. (I had never used a mnemonic passcode before, but I learned that it’s a web3 or decentralized type of thing.)

Their FAQ page says: “The Mnemonic Passcode is your ONLY SOURCE of backup in a scenario where your device breaks down or becomes unusable due to any reason. In such cases, all you need is your Mnemonic Phrase to recover all your account information. It must be copied, screen-shotted, or written down and kept in a safe and secret place until it is needed.”

Is a Mnemonic Passcode more secure than a usual password? Plus, are there any other ways to keep your mnemonic phrase?

  • æjinei@lemmy.world · 30 up, 2 down · 2 years ago

    I tend to add them to my password manager, which funnily enough also has a recovery phrase which I just keep written down somewhere safe.

    xkcd comic regarding your question of pass phrases vs passwords.

    • chicken@lemmy.dbzer0.com · 1 up · 2 years ago

      It might be good enough for web passwords, but coming up with your own mnemonics is not truly secure because there are discoverable patterns in anything people come up with themselves; it isn’t actually random. If you order words in such a way as to make it easier for you to remember, it also makes it easier to brute-force. Lots of crypto wallets where people tried to do this were remotely drained.

      Doing this is only safe if the words are selected with secure RNG of some kind.

    • Campa@lemmy.world (OP) · 1 up · 2 years ago

      Lmao, aren’t you doing the same thing for another round? But password managers do make everything easier; I wonder, are they decentralized as well? Cuz if they have a central server to keep all users’ passwords, it might not be safe tho.

      • 7Sea_Sailor@lemmy.dbzer0.com · 10 up · 2 years ago

        Classic password managers are not decentralized, and why would they be? If you’re worried about storing your credentials on one central server (the official one), there are plenty of very good options for self-hosting a password manager on your own infrastructure. I will always point out the Vaultwarden project, an implementation of the Bitwarden API that’s very efficient on resources and works near flawlessly with all apps and extensions. A wonderful addition to your homelab or VPS.

      • d3Xt3r@lemmy.world · 4 up · 2 years ago

        Instead of *warden, just use the tried and trusted KeePass, no need to run your own server. KeePassXC is a nice open-source alternative client, and KeePassDX is its Android equivalent. You can keep your password file in sync with other devices by using your favorite cloud backup or sync tool. The best part is, KeePass supports auto-type, which *warden and other cloud-based password managers don’t. Auto-type is handy when you want to input your password into a program that’s not a web page, or you’re accessing something via remote desktop, etc.

  • N3Cr0@lemmy.world · 10 up, 1 down · 2 years ago

    A passphrase is much longer than a password, and therefore provides more entropy, even when it’s completely mnemonic.

    You should store it in an encrypted database with a password manager. But you also have to secure this database, with either a password or a passphrase. And do not forget about a 2nd factor, like a key which you have to store somewhere. Maybe encrypt that one, too.

    No matter how many steps of security you have: there will be a master password/passphrase, and you shouldn’t write it down in clear text! So better find a way (some kind of secret algorithm, stored in your brain) to reproduce your master pass.

    • dhork@lemmy.world · 1 up · 2 years ago

      In the crypto world, it is a bit different. The words are chosen out of a pre-set dictionary of 2048 words, making each word the equivalent of an 11-bit number. Your 24-word mnemonic is actually an encoding of a 256-bit number, with some checksum bits at the end.
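
The 2048-word, 11-bits-per-word encoding described above, worked through as an added example (not code from this thread or from any wallet): the functions below split 256 bits of entropy plus its 8 SHA-256 checksum bits into 24 word indices and reverse the process, rejecting a mistyped phrase. The wordlist itself is not embedded; the indices are assumed to be positions in the standard BIP39 English list, so index 0 would be its first word.

```python
import hashlib
import secrets

WORDLIST_SIZE = 2048   # the BIP39 list has 2^11 words, so one word carries 11 bits
BITS_PER_WORD = 11


def entropy_to_indices(entropy: bytes) -> list[int]:
    """Turn entropy plus its checksum into 11-bit word indices (BIP39 layout).

    For 32 bytes (256 bits) the checksum is the first 8 bits of
    SHA-256(entropy), giving 264 bits = 24 words of 11 bits each.
    """
    if len(entropy) not in (16, 20, 24, 28, 32):
        raise ValueError("entropy must be 128..256 bits in 32-bit steps")
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32                     # one checksum bit per 32 entropy bits
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    combined = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // BITS_PER_WORD
    # slice the big integer into 11-bit chunks, most significant word first
    return [(combined >> (BITS_PER_WORD * (n_words - 1 - i))) & (WORDLIST_SIZE - 1)
            for i in range(n_words)]


def indices_to_entropy(indices: list[int]) -> bytes:
    """Reverse the encoding and verify the checksum; raises on a corrupted phrase."""
    total_bits = len(indices) * BITS_PER_WORD
    cs_bits = total_bits // 33                   # 264 bits -> 8 checksum bits
    ent_bits = total_bits - cs_bits
    combined = 0
    for idx in indices:
        if not 0 <= idx < WORDLIST_SIZE:
            raise ValueError("word index outside the 2048-word list")
        combined = (combined << BITS_PER_WORD) | idx
    checksum = combined & ((1 << cs_bits) - 1)
    entropy = (combined >> cs_bits).to_bytes(ent_bits // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    if checksum != expected:
        raise ValueError("checksum mismatch: phrase mistyped or tampered with")
    return entropy


def random_phrase() -> tuple[bytes, list[int]]:
    """Fresh 256-bit entropy from the OS CSPRNG and its 24 word indices."""
    entropy = secrets.token_bytes(32)
    return entropy, entropy_to_indices(entropy)
```

With all-zero entropy the first 23 indices are 0 and the last is 102 (the checksum byte 0x66), which is why the well-known all-zero test phrase is 23 identical words followed by one different word.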

  • U+1F914 🤔@lemmy.world · 2 up · 2 years ago (edited)

    The security of a fully random password depends on the number of available symbols (alphabet) and the length.
    The strength of the password is simply symbolcount^length.

    For a conventional password the symbols/alphabet are characters, numbers and special characters.
    For a mnemonic the symbols are simply full words and the “alphabet” is a list with a couple thousand words.

    Mnemonic passwords are secure because of their large alphabet, and easy to remember because of the lower length (in symbols) and because human brains are good at coming up with associations (usually stories) for random words.
    If you want to generate your own mnemonic password you can try diceware.
    With diceware you roll a few dice to select random words from a list.
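
The symbolcount^length rule and the diceware roll-to-word mapping above, as an added example (not code from this thread or from any diceware list): five dice digits are read as a base-6 number to index a 7776-entry list, the rolls come from the OS CSPRNG rather than a human's memory, and the entropy helper lets you compare a 62-character password with a word-based passphrase. The 7776-word list itself is assumed and not embedded; only indices are produced.

```python
import math
import secrets

DICEWARE_WORDS = 6 ** 5   # a standard list has one word per 5-dice roll: 7776 entries
CHARSET_SIZE = 62         # a-z, A-Z, 0-9 for a conventional password


def roll_to_index(roll: str) -> int:
    """Convert a 5-digit dice roll such as '41263' into a list index (0..7775)."""
    if len(roll) != 5 or any(d not in "123456" for d in roll):
        raise ValueError("a diceware roll is exactly five digits from 1 to 6")
    index = 0
    for d in roll:
        index = index * 6 + (int(d) - 1)   # base-6 digits, most significant first
    return index


def secure_roll() -> str:
    """Five dice rolled with secrets.randbelow, so no human-chosen pattern leaks in."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(5))


def passphrase_indices(n_words: int) -> list[int]:
    """Indices of n randomly chosen words; look each up in your diceware list."""
    return [roll_to_index(secure_roll()) for _ in range(n_words)]


def entropy_bits(symbol_count: int, length: int) -> float:
    """log2(symbolcount^length): symbols in the password times bits per symbol."""
    return length * math.log2(symbol_count)
```

Running entropy_bits(CHARSET_SIZE, 8) against entropy_bits(DICEWARE_WORDS, 6) shows why six random words beat an eight-character random password despite being far easier to remember.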