Wednesday, January 12, 2011

Password Security

OK, maybe I'm missing something that IT professionals know about, but this article was very interesting:

The Usability of Passwords

Instead of forcing people to use passwords like S4fr#db&, which will be written on a piece of paper, a password like Weasel monkey Steve would be essentially secure forever and pretty hard to forget. Brute-force attacks would take thousands of years or longer to guess such passwords and I can't imagine anyone wants to get into my accounts that badly.

What really bugs me, as well as the forcing of overly complex passwords, is that I have dozens of accounts, each with usernames and passwords and each with different conventions for passwords, making it impossible to use the same for each (e.g., one wants 8-10 characters, one wants 8 or fewer, one wants special characters, one doesn't recognize special characters, etc.). And I really hate the sites (including my job) that make me change my password every few months.

Solution? I have an Excel file I have to keep on multiple computers which has a list of all the passwords - I just looked, there are 38 listings right now. That file is, of course, password protected, but guess that single password and you have everything about me.

Seems like there could be an easier way.
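The brute-force comparison made in the post, worked through as an added example (not code from the post or the linked article). It estimates the search space for the two quoted passwords under character-by-character brute force, and for the passphrase also under whole-word guessing. The guess rate, the 20,000-word list and the two case variants per word are assumptions chosen for illustration.

```python
import math
import string

# Assumptions for illustration only (none of these figures come from the post):
GUESSES_PER_SECOND = 1e9        # assumed offline guessing rate
WORDLIST_SIZE = 20_000          # assumed size of the attacker's word list
SECONDS_PER_YEAR = 365.25 * 24 * 3600

CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation, " "]

def charset_size(password):
    """Total size of the character classes the password draws from."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def char_bruteforce_bits(password):
    """Search space (bits) when every string of this length is tried."""
    return len(password) * math.log2(charset_size(password))

def wordlist_bits(word_count, wordlist_size=WORDLIST_SIZE, case_variants=2):
    """Search space (bits) when whole words are guessed from a list,
    each tried in `case_variants` forms (lowercase and Capitalized)."""
    return word_count * math.log2(wordlist_size * case_variants)

def years_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Years needed to try the full search space at `rate` guesses/second."""
    return 2 ** bits / rate / SECONDS_PER_YEAR

def compare(complex_pw, passphrase):
    """Return (label, bits, years) rows for the three attacker models."""
    rows = [
        ("complex password, character brute force", char_bruteforce_bits(complex_pw)),
        ("passphrase, character brute force", char_bruteforce_bits(passphrase)),
        ("passphrase, word-list guessing", wordlist_bits(len(passphrase.split()))),
    ]
    return [(label, bits, years_to_exhaust(bits)) for label, bits in rows]

if __name__ == "__main__":
    # The two passwords quoted in the post.
    for label, bits, years in compare("S4fr#db&", "Weasel monkey Steve"):
        print(f"{label:42s} {bits:6.1f} bits  {years:.3g} years")
```

Against character brute force the passphrase's margin comes from its length; against word guessing it depends on the number of words and on how large and random the word pool is.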

  1. Try Password Dragon
    It's simple, secure, Java-based, ergo portable.