Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Well, I do it a lot. I do consulting in IT security and go through the onboarding process of a different company 15 times a year. My customers and co-workers are often security conscious and sometimes give me passwords like RC-A"c\EJe,0l@q. I prefer the US layout but live in Germany, so there is often a mismatch between my physical keyboard and the system I'm typing on, which causes me great frustration. Typing in the LUKS password of a VMware machine via vSphere web console does not allow copy/paste, neither does logging in to a physical device provided by the customer.

I realize I'm far from a typical use case, which is why I'm so glad when people consider password ergonomics. It makes life easier for me and does not make it harder for anyone else.



This is an easily solved problem through both software and hardware. If you are frequently typing complex passwords, consider some alternatives:

Software typing of password:

Linux - ydotool / xdotool. Win/Mac have similar tools:

  $ sleep 5 ; xdotool type 'RC-A"c\EJe,0l@q'
>> physical device provided by the customer.

Hardware : Rubber Ducky - https://shop.hak5.org/products/usb-rubber-ducky


I do something like this surprisingly often when dealing with iDRAC/IPMI/etc:

    sleep 3; xdotool type "abc123"


When I was doing that a lot I just patched my VNC client to send the keys for the data in the clipboard on "paste" so I could use its native "paste" command


.. and now the password is stored unencrypted in your bash history.


Use the `read` method the other poster said, or ensure HISTCONTROL is set and then prepend a space to commands that contain secrets.

  $ export HISTCONTROL=ignoreboth
  $  echo 'supersecret' | whatever


That's a feature, not a bug. :P

Alright if you prefer:

    read PW; sleep 3; xdotool type "$PW"
Or if it's already on your clipboard:

    sleep 3; xdotool type "$(xclip -o)"


Prefix any command with a space and bash won't append to the history.


Careful that's only true if you set HISTCONTROL to "ignorespace" or "ignoreboth".


Which seems the default in my anecdotal experience on debian/Ubuntu.

It is also the default on fish shell in the same anecdotal experience.


I would simply save that into 1password and never have to type it or remember it ever again.

In your obscure set of requirements (no paste?), yes you might have to copy it again, but at least you don't have to remember it.


1?Z-2>@.#x3O0_l^,fNO%0o

Your comment was interesting to me, so I was trying to come up with the most "ergonomically unsound" password. How did I do?


Add a double space somewhere, and append single space to the end just to be safe.


Maybe there is a single space at the end. No way to know. Well done, GP.


Just have Keepass pick from the extended ASCII set

    Å`÷½¸Å^çÏ+Í?«~Ðñø'`¾


I see you, and I raise you

    ĮǶľƶₔâ¾ijĤĬď©‘¦ı‰ęž‰śij²ÔķՎĜ́北¹«ƶ’–­ħ›ĸ«


well I want to have some chance at typing it in if I absolutely must...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: