Thursday, April 20, 2023

Passwords and Password Managers

Divemedic has a very good post up about password managers: applications that remember all the various passwords for the different apps and web sites you use. A good password manager lets you use long, random passwords that are impractical to guess or crack but would be too hard to remember on your own.

(He also has a good post on using passphrases instead of passwords. I've recommended this for practically forever.)

The downside of password managers is that all your eggs are in the same basket: whoever gets the vault gets everything in it. The key is that you have to put a lot of trust in the reliability and trustworthiness of the password manager. Divemedic's first post, linked above, is a great analysis of when to bail on an insufficiently trustworthy password manager.

8 comments:

Old NFO said...

I've been using an 'odd' set of keystrokes for years, based on something I had to do in the Navy. It's worked for me, but I like the pass phrases idea too!

Rick C said...

He went from one cloud provider to another, which doesn't seem too smart.

I use KeePass, which is 100% local. I have my database stored on a flash drive, which, yes, is a bit of an inconvenience if I'm working on a different computer, but worth it to not let some cloud provider give my passwords to the entire world.

Yes, I have backups.

Ed Campbell said...

I live a pretty simple internet life, so I just keep my passwords in a notebook or in my brain. Some are random keystrokes and others are pass phrases. I do not like "cloud" storage because sooner or later it will be compromised.

libertyman said...

Your suggestion of the passphrase has been very useful to me. Taking the first letters of a song with a character and number makes my passwords easy to remember.

Richard said...

What the heck does he do with email that makes it the #1 priority for security?

I continue to maintain that personal passwords are just security theater. The real threat is on the central servers.

Jonathan H said...

I'm with the others - I trust the cloud as far as I can throw it.
My storage is local and spread between a couple of places and methods so no one issue, even in my house, will compromise everything important.
I have simpler passwords for unimportant sites and unique complex passwords for important ones like financial stuff.
But my most important, i.e. valuable, accounts are specifically NOT set up for online access - I don't need into them often and the hassle is worth it to safeguard the contents.

Jonathan H said...

Pretty much - in DM's example, his and other files were disclosed by poor data handling from an engineer working from home, not anything a customer did.

danielbarger said...

I don't use a PW manager that stores data on the cloud. Not worth the risk. I use one that is only local. It's not that hard to get in the habit of keeping the password database up to date and keeping backup copies in a safe place. You just need to make the decision to do so.