Cranky on the Web – Managing Passwords

In the Trenches: Managing PasswordsSmall Business Center
I hate passwords. But they’re a necessary evil.

Get Posts via Email When They Go Live or in a Weekly Digest

Leave a Reply

13 Comments on "Cranky on the Web – Managing Passwords"

avatar
Sort by:   newest | oldest | most voted
john851
Guest

Thanks for your email. I will be out of town from February 27 – March 3, 2015 . If you need immediate assistance, please call the office.

Ed
Guest

I hate them too – but I started to use 1Password a couple of months ago. It works very well, and is well worth a look….. (I have no interest in them whatever!) It did take me a while to get used to it. After you set it up, you can use it equally well on your PC (Mac) and smart phone.

Alex Hill
Member
Indeed. 1Password is absolutely brilliant. Using their password generator, every site I have a password for has a unique, random, alphanumeric string. So I only have to know a small number of memorable-but-secure passwords (my 1Password password, and I have a password that I remember for the login for my main computer). And because AgileBits (the company that makes 1Password) is focused essentially entirely on password security, they worry about the details to make 1Password’s password database secure. They also have an excellent blog that explains the technical issues very clearly, which is very helpful in trusting their algorithms. I… Read more »
David SF eastbay
Member

I know nothing about password management sites, but it sounds like something that you keed all your passwords at, which to me means if they get hacked, someone now knows all your passwords.

Sometimes paper and pencil sound better at managing things. I write usernames/passwords down but will use a hint which will remind me of what the password is for that site but has nothing to do with the actual password.

Sean S.
Guest

Another vulnerability in many cases is the password has to be copied and pasted into the password box depending on the service. This is why it is far easier to use a Yubikey, which is a dongle that can be used to generate a secure password that is impossible to guess, but can be used across multiple websites. The dongle itself acts like a USB keyboard so everytime you hit the button on it, it puts in the password with no copy and paste. Also on many websites it can be an important part of two factor authentication.

Olver
Guest

David, I have literally hundreds of passwords and pins after 20 years on the Internet. No way I could manage that securely with pen and paper.

1Password gets my five star endorsement as a happy customer,

SplashID gets my zero star non-endorsement after long-time use (prior to 1Password). They have had severe issues in their implementation that resulted in laughingly weak encryption. And one of their upgrades lost a lot of customers their data.

Alex Hill
Member

AgileBits themselves (the 1Password company) can’t decrypt your data without your master password. https://guides.agilebits.com/1password-mac-kb/5/en/topic/forgot-master-password

The data are pretty clear that the risk of having insecure password (or passwords written down on a piece of paper) is larger than the risk of having secure password stored with a modern encryption algorithm.

BattleAxe
Guest

One word: Lastpass

Works across devices. totally secure.

Life changer.

Henry
Guest

lastpass rocks … it works on every device i use (windows, mac, chromebook, android, ios, windows phone), mostly transparently. it is as reasonably secure as such a service can be, and they’re proactive about when other services have password-related exposures. also, it’s dirt cheap.

Olver
Guest

Cranky, how do you deal with revoking passwords from former employees? Those communal passwords seem to be a potential problem.

Charles King
Guest
I do not see where I can post on a new subject. I know this does not pertain to the subject, but..United Airlines lost my luggage ( again ). Yesterday at 2PM they informed me that I would get it delivered in 6 to 10 hours to my home. It is now noon the following day. I have called twice in the past several hours, and I get a recording that says my luggage is in route from the airport to my home. While I was at DFW waiting to find out my bags fate, I noticed there was about… Read more »
kelty
Member

A University of Toronto prof is developing a substitute for passwords based on your cardiac rhythm. It is in the preliminary stages of commercial development, but you would have your unique cardiac signature recorded and be used as a unique identifier to access all your accounts. On to the future!

wpDiscuz