14 thoughts on “PUBLIC SERVICE MESSAGE”

  1. That’s it! I’m building a cabin in the woods and dropping out.

    (Glad I can’t hear clapping over the internet.)

  2. Secure passwords are good to have. Password safes are a great way to facilitate their use.

    But using a secure password provides approximately zero protection against Heartbleed, and the many similar server-side vulnerabilities that have occurred in the past and are likely to occur in the future.

    1. Good password management does cut down on your exposure, though.

      Plus, you need to get in the habit of changing your passwords anyway, as long as we’re stuck using them.

  3. At least for Android, there is an app called PasswdSafeSync, which does what it sounds like – syncs your password safe to a cloud storage location. If you are like me and too lazy to properly manage manually copying the password safe off the phone and backing it up every time you add or change a password, that’s a reasonable next best thing.

    Also, for large changes, it’s way nicer to be able to use the desktop version of passwdsafe, with a proper mouse and keyboard. The updated version will then synchronize itself to your phone.

  4. For #6: It’s amazing how bad real honest-to-God financial companies are at this stuff. My favorite one that I experienced fairly recently was that the password had to *start* with a letter. Clearly this wasn’t done to enhance security (and if it was, whoever thought it would is stupid), so what does it mean? What kind of funky code are they using that gags on strings that begin with a character other than a letter? Who knows how deep the rot goes?

  5. I’ve been using a program/plugin called PasswordMaker for several years. What it does is concatenate the site URL + username + master password and then generate a one-way hash. Then that hash is bounced against a character set to create the password.

    The trick here is that the actual passwords aren’t stored anywhere, just the parameters to generate them. And those parameters are adjustable nine ways to Sunday; length, character set, prefix, suffix (before or after hashing), etc. The generated passwords are just naturally nice, strong strings of gobbledygook. And, of course, you can back up the parameter file and transfer between machines.
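
The derivation described in comment 5, sketched as an added example; it is not PasswordMaker's code and not from the commenter. The function names, character set, SHA-256/PBKDF2 choices and iteration count are assumptions, and the second function goes beyond the comment by adding unambiguous field encoding, a slow key-derivation step and unbiased character selection.

```python
import hashlib
import hmac
import string

# Assumed character set (76 symbols); the comment says the real one is adjustable.
CHARSET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+"

def derive_naive(site, username, master, length=16, charset=CHARSET):
    """Scheme as the comment describes it: one fast hash over the plain
    concatenation, then the digest is mapped onto the character set."""
    digest = hashlib.sha256((site + username + master).encode()).digest()
    n = int.from_bytes(digest, "big")
    chars = []
    for _ in range(length):
        n, r = divmod(n, len(charset))
        chars.append(charset[r])
    return "".join(chars)

def derive_hardened(site, username, master, length=16, charset=CHARSET,
                    iterations=600_000):
    """Same idea with three changes: length-prefixed fields, a slow KDF so one
    leaked site password is costly to turn into master-password guesses, and
    rejection sampling so every symbol is equally likely."""
    salt = b"".join(len(f.encode()).to_bytes(2, "big") + f.encode()
                    for f in (site, username))
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, iterations)
    limit = 256 - (256 % len(charset))  # bytes >= limit would bias the result
    chars, block = [], 0
    while len(chars) < length:
        stream = hmac.new(key, block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
        for b in stream:
            if b < limit and len(chars) < length:
                chars.append(charset[b % len(charset)])
    return "".join(chars)

if __name__ == "__main__":
    # Constructed inputs: both field splits concatenate to the same string.
    print(derive_naive("ab.com", "c", "m") == derive_naive("ab.co", "mc", "m"))
    print(derive_hardened("example.com", "alice", "constructed master phrase"))
```

Because every site password is a deterministic function of the master password, the strength of the whole set rests on the master password and on how expensive each guess is.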
