PUBLIC SERVICE MESSAGE

Patrick

Patrick is a mid-40 year old geek with an undergraduate degree in mathematics and a master's degree in Information Systems. Nothing he says here has anything to do with the official position of his employer or any other institution.

14 Responses

  1. Will Truman says:

    I need to do my post on “How to organize your email and stay sane (or at least how I do and did)”

    It starts with 3a, though doesn’t end there.

  2. Chris says:

    That’s it! I’m building a cabin in the woods and dropping out.

    (Glad I can’t hear clapping over the internet.)

  3. Aaron david says:

    Excellent work, Patrick.

  4. Fnord says:

    Secure passwords are good to have. Password safes are a great way to facilitate their use.

    But using a secure password provides approximately zero protection against Heartbleed, and the many similar server-side vulnerabilities that have occurred in the past and are likely to occur in the future.

    • Patrick in reply to Fnord says:

      Good password management does cut down on your exposure, though.

      Plus, you need to get in the habit of changing your passwords anyway, as long as we’re stuck using them.

  5. dragonfrog says:

    At least for Android, there is an app called PasswdSafeSync, which does what it sounds like – syncs your password safe to a cloud storage location. If you are like me and too lazy to properly manage manually copying the password safe off the phone and backing it up every time you add or change a password, that’s a reasonable next best thing.

    Also, for large changes, it’s way nicer to be able to use the desktop version of passwdsafe, with a proper mouse and keyboard. The updated version will then synchronize itself to your phone.

  6. dragonfrog says:

    Re (6) – Sadly, that’s both my banks.

  7. Troublesome Frog says:

    For #6: It’s amazing how bad real honest-to-God financial companies are at this stuff. My favorite one that I experienced fairly recently was that the password had to *start* with a letter. Clearly this wasn’t done to enhance security (and if it was, whoever thought it would is stupid), so what does it mean? What kind of funky code are they using that gags on strings that begin with a character other than a letter? Who knows how deep the rot goes?

  8. Road Scholar says:

    I’ve been using a program/plugin called PasswordMaker for several years. What it does is concatenate the site URL + username + master password and then generate a one-way hash. Then that hash is bounced against a character set to create the password.

    The trick here is that the actual passwords aren’t stored anywhere, just the parameters to generate them. And those parameters are adjustable nine ways to Sunday; length, character set, prefix, suffix (before or after hashing), etc. The generated passwords are just naturally nice, strong strings of gobbledygook. And, of course you can back up the parameter file and transfer between machines.
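
The scheme described in the comment above (site URL + username + master password, hashed one way, then mapped onto a character set), as an added example that is not part of the thread and is not PasswordMaker's own code. The use of PBKDF2-HMAC-SHA256, the length-prefixed field encoding, the name `derive_password` and the sample values are assumptions of this example.

```python
import hashlib
import string

CHARSET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"

def _field(value: str) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") do not hash
    # alike, which bare concatenation would allow.
    raw = value.encode("utf-8")
    return len(raw).to_bytes(4, "big") + raw

def derive_password(url, username, master, length=16, charset=CHARSET,
                    prefix="", suffix="", iterations=200_000):
    """Recompute a site password from its parameters; nothing secret is stored."""
    body_len = length - len(prefix) - len(suffix)
    if body_len < 1:
        raise ValueError("length must exceed len(prefix) + len(suffix)")
    if len(set(charset)) != len(charset) or not 2 <= len(charset) <= 256:
        raise ValueError("charset must hold 2..256 distinct characters")
    # One-way step. PBKDF2-HMAC-SHA256 is this example's choice (assumption):
    # a slow KDF makes guessing the master password from one leaked site
    # password costlier than a single fast hash would.
    digest = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"),
                                 _field(url) + _field(username),
                                 iterations, dklen=body_len + 16)
    # "Bounce" the hash against the character set: read the digest as one big
    # integer and peel off base-len(charset) digits. The 16 spare bytes keep
    # the modulo bias negligible.
    n = int.from_bytes(digest, "big")
    body = []
    for _ in range(body_len):
        n, idx = divmod(n, len(charset))
        body.append(charset[idx])
    # Prefix and suffix are applied after hashing in this sketch.
    return prefix + "".join(body) + suffix

if __name__ == "__main__":
    # Constructed sample parameters, not real credentials.
    print(derive_password("example.com", "alice", "correct horse battery staple"))
```

Because every site password is a function of the master password, the master password is the single secret to protect, and changing one site's password means changing one of its parameters rather than editing a stored entry.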
