Tuesday, August 21, 2012

Password to Hell

Of all the unavoidable aggravations there are in the modern world, passwords have got to be near the top of the list. Every site you go on for any service whatsoever requires you to set up an account with a password. The average Internet user probably has between 12 and 80 passwords to "remember." I put those in quotes, because except for some Asperger's cases, hardly anybody has memorized that many. They either use one duplicated password, or they have them written down, or both. Both are considered poor practices.

Passwords are also inherently a weak link in security. I'm told by this article on Dailykos, and I'm sure it's factual, that password-cracking technology has become very good: crackers can test 2.3 billion passwords per second, or 828 trillion an hour. (I'm also aware, however, that few if any websites will allow trillions of log-on attempts. I'm sure there are methods that circumvent this.)

The best advice to prevent cracking now is: 1) don't use real words, or even variations of them, in creating a password; 2) never use duplicate passwords for different sites; 3) change your passwords frequently; 4) mix in special characters and capital letters; 5) don't write your passwords down.

You might observe here that the exact measures you take to make a password resistant to cracking will also make it resistant to memorizing. This makes these measures unworkable for most people.

Forgetting a password, for whatever reason, is inherently embarrassing. More so if you've reached middle age. Worse and more embarrassing, your mind might not go totally blank. You might just forget one part, like not typing a letter in upper case. Since you can't see the password as you type it in, you can't check on what you're forgetting. So, you'll end up changing it one letter at a time, having to answer CAPTCHA distorted-letter puzzles forever, and still you might not succeed, and you'll never know why. Meanwhile, you'll get locked out of your account for missing too many CAPTCHAs. Try talking to a French tech support guy who discovers you can't open your encrypted file because you're using the wrong password. "I recommend you use the right password."

So, in the article mentioned above, he recommends getting a password manager. These work okay, but with one gigantic weakness the author admits: they are secured with one master password you absolutely cannot forget and can't have stolen. This means you either make it easy to remember, and thus weak, or you write it down. Once that password is cracked, the hacker has access to everything.

Why not add a second level of security here? Store your passwords in an encrypted text or spreadsheet file on a flash drive that you keep on your person. Only plug in that flash drive when you need to enter a password, then unplug it immediately. This way, you have more security than a password manager can provide, and yes, you still have to use a master password, but not one that's stored on your PC or iPhone.

It's not perfect, but it's the only thing I can think of. The hassle and dilemma of passwords are among the few things that make me nostalgic for the early '90s.

Update (Afterthought) 8/22/12: Maybe I could have chosen a better name. Apparently, when we die and go to heaven, St. Peter asks you for your password. When you give it to him, he hands you a CAPTCHA puzzle to solve. If you get only the CAPTCHA wrong, you end up in Purgatory. If you get your password wrong, you end up in Hell.

1 comment:

  1. Some have suggested that using a multiple-word password is actually more secure than combining single-words with numbers and symbols.

    I also love the idea of another type of password suggested in one article: dog............

    Replace 'dog' with any simple word. Replace the repeated symbol with any repeated symbol of your choice. Very easy to remember, very hard to crack.

    Something I wrote a year ago, with several links: http://blog.transylvaniandutch.com/2011/08/password-security.html