Cranky on the Web – Managing Passwords

Admin

In the Trenches: Managing PasswordsSmall Business Center
I hate passwords. But they’re a necessary evil.

Get Cranky in Your Inbox!

The airline industry moves fast. Sign up and get every Cranky post in your inbox for free.

13 comments on “Cranky on the Web – Managing Passwords

  1. Thanks for your email. I will be out of town from February 27 – March 3, 2015 . If you need immediate assistance, please call the office.

  2. I hate them too – but I started to use 1Password a couple of months ago. It works very well, and is well worth a look….. (I have no interest in them whatever!) It did take me a while to get used to it. After you set it up, you can use it equally well on your PC (Mac) and smart phone.

    1. Indeed. 1Password is absolutely brilliant. Using their password generator, every site I have a password for has a unique, random, alphanumeric string. So I only have to know a small number of memorable-but-secure passwords (my 1Password password, and I have a password that I remember for the login for my main computer). And because AgileBits (the company that makes 1Password) is focused essentially entirely on password security, they worry about the details to make 1Password’s password database secure. They also have an excellent blog that explains the technical issues very clearly, which is very helpful in trusting their algorithms.

      I use it smoothly on my Mac and two iOS devices.

  3. I know nothing about password management sites, but it sounds like something that you keed all your passwords at, which to me means if they get hacked, someone now knows all your passwords.

    Sometimes paper and pencil sound better at managing things. I write usernames/passwords down but will use a hint which will remind me of what the password is for that site but has nothing to do with the actual password.

    1. Another vulnerability in many cases is the password has to be copied and pasted into the password box depending on the service. This is why it is far easier to use a Yubikey, which is a dongle that can be used to generate a secure password that is impossible to guess, but can be used across multiple websites. The dongle itself acts like a USB keyboard so everytime you hit the button on it, it puts in the password with no copy and paste. Also on many websites it can be an important part of two factor authentication.

    2. David, I have literally hundreds of passwords and pins after 20 years on the Internet. No way I could manage that securely with pen and paper.

      1Password gets my five star endorsement as a happy customer,

      SplashID gets my zero star non-endorsement after long-time use (prior to 1Password). They have had severe issues in their implementation that resulted in laughingly weak encryption. And one of their upgrades lost a lot of customers their data.

    1. lastpass rocks … it works on every device i use (windows, mac, chromebook, android, ios, windows phone), mostly transparently. it is as reasonably secure as such a service can be, and they’re proactive about when other services have password-related exposures. also, it’s dirt cheap.

  4. Cranky, how do you deal with revoking passwords from former employees? Those communal passwords seem to be a potential problem.

    1. Olver – Well, that’s why I wrote this up this week. We let someone go on Monday and this became a concern. The most important systems all have individual users, and those were revoked before the conversation was had.
      The communal password sites are all cataloged, so we know what needs to be done. We changed all of those when the employment change occurred. It’s a big headache, but hopefully it’s not something we have to do often. (If people leave on their own and are going to steal stuff, they’ll do it before they tell you they’re leaving. So it’s really people we let go that are the potential concern.)

  5. I do not see where I can post on a new subject. I know this does not pertain to the subject, but..United Airlines lost my luggage ( again ). Yesterday at 2PM they informed me that I would get it delivered in 6 to 10 hours to my home. It is now noon the following day. I have called twice in the past several hours, and I get a recording that says my luggage is in route from the airport to my home. While I was at DFW waiting to find out my bags fate, I noticed there was about 20 bags sitting on the carousel abandoned. I mentioned it to the poor, overwhelmed guy trying to help people like me, and he said they(United) would not give him any help. ANYONE could walk off with ALL of those bags. Nobody cares. And DFW constantly announces to not leave bags unattended. I assume that does not pertain to United.

  6. A University of Toronto prof is developing a substitute for passwords based on your cardiac rhythm. It is in the preliminary stages of commercial development, but you would have your unique cardiac signature recorded and be used as a unique identifier to access all your accounts. On to the future!

Leave a Reply to Alex Hill Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Cranky Flier