Patrick is a mid-40 year old geek with an undergraduate degree in mathematics and a master's degree in Information Systems. Nothing he says here has anything to do with the official position of his employer or any other institution.

14 Responses

  1. Will Truman says:

    I need to do my post on “How to organize your email and stay sane (or at least how I do and did)”

    It starts with 3a, though doesn’t end there.

  2. Chris says:

    That’s it! I’m building a cabin in the woods and dropping out.

    (Glad I can’t hear clapping over the internet.)

  3. Aaron david says:

    Excellent work, Patrick.

  4. Fnord says:

    Secure passwords are good to have. Password safes are a great way to facilitate their use.

    But using a secure password provides approximately zero protection against Heartbleed, and the many similar server-side vulnerabilities that have occurred in the past and are likely to occur in the future.

    • Patrick in reply to Fnord says:

      Good password management does cut down on your exposure, though.

      Plus, you need to get in the habit of changing your passwords anyway, as long as we’re stuck using them.

  5. dragonfrog says:

    At least for Android, there is an app called PasswdSafeSync, which does what it sounds like – syncs your password safe to a cloud storage location. If you are like me and too lazy to properly manage manually copying the password safe off the phone and backing it up every time you add or change a password, that’s a reasonable next best thing.

    Also, for large changes, it’s way nicer to be able to use the desktop version of passwdsafe, with a proper mouse and keyboard. The updated version will then synchronize itself to your phone.

  6. dragonfrog says:

    Re (6) – Sadly, that’s both my banks.

  7. Troublesome Frog says:

    For #6: It’s amazing how bad real honest-to-God financial companies are at this stuff. My favorite one that I experienced fairly recently was that the password had to *start* with a letter. Clearly this wasn’t done to enhance security (and if it was, whoever thought it would is stupid), so what does it mean? What kind of funky code are they using that gags on strings that begin with a character other than a letter? Who knows how deep the rot goes?

  8. Road Scholar says:

    I’ve been using a program/plugin called PasswordMaker for several years. What it does is concatenate the site URL + username + master password and then generate a one-way hash. Then that hash is bounced against a character set to create the password.

    The trick here is that the actual passwords aren’t stored anywhere, just the parameters to generate them. And those parameters are adjustable nine ways to Sunday; length, character set, prefix, suffix (before or after hashing), etc. The generated passwords are just naturally nice, strong strings of gobbledygook. And, of course, you can back up the parameter file and transfer between machines.
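
The scheme described in comment 8, as an added sketch that is not PasswordMaker's code and is not part of the original thread: site and username are combined with the master password, hashed one way, and the output is mapped onto a character set. It swaps the single hash for PBKDF2-HMAC-SHA256 so that guessing the master password from one leaked site password is slow; the function names, default character set and iteration count are assumptions.

```python
import hashlib
import string

# Assumed default character set; any 2..256 unique characters work.
CHARSET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"


def context_salt(site: str, username: str) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot
    # produce the same input, which plain concatenation would allow.
    parts = [site.lower().encode(), username.encode()]
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


def derive_password(master: str, site: str, username: str, length: int = 16,
                    charset: str = CHARSET, prefix: str = "", suffix: str = "",
                    iterations: int = 200_000) -> str:
    if not 2 <= len(charset) <= 256 or len(set(charset)) != len(charset):
        raise ValueError("charset must hold 2..256 unique characters")
    # Discard bytes >= limit so each character is equally likely
    # (a bare `byte % len(charset)` would favour the first characters).
    limit = 256 - (256 % len(charset))
    out, block = [], 0
    while len(out) < length:
        # One slow KDF call per 64-byte block; the block index is part
        # of the salt, so extra blocks yield fresh bytes if needed.
        salt = context_salt(site, username) + block.to_bytes(4, "big")
        stream = hashlib.pbkdf2_hmac("sha256", master.encode(), salt,
                                     iterations, dklen=64)
        for b in stream:
            if b < limit and len(out) < length:
                out.append(charset[b % len(charset)])
        block += 1
    # Prefix and suffix are applied after hashing here (one of the two
    # options the comment mentions), e.g. to satisfy a site's rules.
    return prefix + "".join(out) + suffix


if __name__ == "__main__":
    # Constructed sample inputs; nothing is stored, only recomputed.
    print(derive_password("correct horse battery", "example.com", "alice"))
```
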