The Usability of Passwords
April 24, 2011 6:32 AM Subscribe
"Security companies and IT people constantly tells us that we should use complex and difficult passwords. This is bad advice, because you can actually make usable, easy to remember and highly secure passwords. In fact, usable passwords are often far better than complex ones."
Not sure if your password is secure? How Secure Is My Password will tell you exactly how many years it will take for your password to be cracked. And, if you need help coming up with a more secure password (old school complex style), this video can help. Once you've made your secure password, keep it secure. Use Punchcast, developed by MeFi's own Lanark to create a unique password for each website you log into.
Not sure if your password is secure? How Secure Is My Password will tell you exactly how many years it will take for your password to be cracked. And, if you need help coming up with a more secure password (old school complex style), this video can help. Once you've made your secure password, keep it secure. Use Punchcast, developed by MeFi's own Lanark to create a unique password for each website you log into.
This post was deleted for the following reason: poster's request -- jessamyn
Ummm... did you just post a phishing site?
posted by anotherpanacea at 6:41 AM on April 24, 2011
posted by anotherpanacea at 6:41 AM on April 24, 2011
oops. The howsecureismypassord.net domain expired yesterday & got picked up by a domain squatter.
posted by pharm at 6:41 AM on April 24, 2011
posted by pharm at 6:41 AM on April 24, 2011
Also, yeah: typing your password into a website form is a really bad idea...
posted by pharm at 6:42 AM on April 24, 2011 [1 favorite]
posted by pharm at 6:42 AM on April 24, 2011 [1 favorite]
I have a very secure password, but goddamn if my university doesn't force me to change it every three months.
posted by anotherpanacea at 6:44 AM on April 24, 2011
posted by anotherpanacea at 6:44 AM on April 24, 2011
The analysis in the linked article has little to do with how passwords are actually compromised these days. I recommend you disregard any advice given.
posted by ryanrs at 6:47 AM on April 24, 2011
posted by ryanrs at 6:47 AM on April 24, 2011
My solution to the secure password problem has been to use pwgen to generate reasonable passwords, which I then write down somewhere secure just in case I forget them. Then I type the passwords in by hand whenever I need them, using the offline copy to jog my memory if necessary: After a few repetitions I usually find that the password has embedded itself into my subconscious & I don't need to think about it any more.
posted by pharm at 6:50 AM on April 24, 2011
posted by pharm at 6:50 AM on April 24, 2011
That's weird -- I'm seeing a normal page for howsecureismypassword...and the website works with the Internet turned off, so feel free to turn it off while testing your password...as I understand, it doesn't send anything back to the server.
The analysis in the linked article has little to do with how passwords are actually compromised these days. I recommend you disregard any advice given.
He's posted a more recent article defending his earlier position; not sure if it addresses that point.
posted by Deathalicious at 6:52 AM on April 24, 2011
The analysis in the linked article has little to do with how passwords are actually compromised these days. I recommend you disregard any advice given.
He's posted a more recent article defending his earlier position; not sure if it addresses that point.
posted by Deathalicious at 6:52 AM on April 24, 2011
hey if you guys tell me your checking account routing number i'll check to make sure nobody's stolen any money from there seriously okay now i'm checking it omigod you guys somebody just stole a bunch of money from your account!
posted by (Arsenio) Hall and (Warren) Oates at 6:54 AM on April 24, 2011
posted by (Arsenio) Hall and (Warren) Oates at 6:54 AM on April 24, 2011
Just to be very clear—this article is a joke. The author is basically clueless.
Between the bad info in the article and the suggestion to send your passwords to random web sites, this is a dangerously bad FPP. Deathalicious, I suggest you ask the mosts to delete it.
posted by ryanrs at 6:56 AM on April 24, 2011 [2 favorites]
Between the bad info in the article and the suggestion to send your passwords to random web sites, this is a dangerously bad FPP. Deathalicious, I suggest you ask the mosts to delete it.
posted by ryanrs at 6:56 AM on April 24, 2011 [2 favorites]
Okay, fair enough. As I've noted, the "How Secure is My Password" website doesn't send passwords anywhere, but if you feel like that establishes bad practices then I can see why it's a bad idea.
posted by Deathalicious at 6:57 AM on April 24, 2011
posted by Deathalicious at 6:57 AM on April 24, 2011
How do you know where it sends passwords? If I were trying to collect passwords, I'd only serve up malicious code to 1% of visitors, and then only after seeing a particular referrer more than 1000 times that day (i.e. only after it hits some popular blogs).
posted by ryanrs at 7:01 AM on April 24, 2011
posted by ryanrs at 7:01 AM on April 24, 2011
« Older BBC Radio 4 Collections | Artis Gilmore elected to NBA Hall of Fame Newer »
This thread has been archived and is closed to new comments
posted by Deathalicious at 6:38 AM on April 24, 2011