Are passwords obsolete?

Doug Gentges doug.gentges at gmail.com
Sat Aug 30 10:25:03 CDT 2014


My 4 easy suggestions for dealing with passwords:

1.  If it's available, use 2-factor authentication for important accounts,
especially your e-mail.  Remember, your e-mail is generally the password
reset mechanism for all your other accounts.  If an attacker compromises
your e-mail, they can get into about anything else.  The Google 2-factor
for GMail is easy to set up and use if you have a smartphone.

2. Use unique passwords for each site.  This is really hard if you don't
use a password manager, and really easy if you do.

3. Use a password manager.  A password manager makes it super easy to use a
unique, secure password for each site.  Then use the longest password that
each site supports. I just generated one, and my new password is
XWIH at og^y$h&o^n2OKNgL2wl
I sure wouldn't be able to remember that, or have to type it in even if I
didn't have to remember it, but it's exactly the same complexity as what I
use for my eBay and Amazon accounts.

I use lastpass.com because I like their transparency with respect to how
the system works and the way that they have reacted to things like
heartbleed.  They have a free tier which works on the desktop, but the
"premium" which includes support for smartphones is only $12/year. There
are a bunch of other options too, including Dashlane and KeePass.

4. Protect your password manager with a truly strong, random password.  You
only need one, so it's not too bad if it is long.  My personal preference
is to use the diceware algorithm (www.diceware.com; you'll need a 6-sided
die) to generate my master password. A 7-word diceware pass phrase is
pretty much immune to brute force (at 10^13 guesses/second, it would take
54 billion years).

Doug


On Sat, Aug 30, 2014 at 8:43 AM, Andre Kesteloot <akesteloot at gmail.com>
wrote:

> so, Gentlemen of Erudition, what are your recommendations?
>
> 73
> André N4ICK
>
>
> On Fri, Aug 29, 2014 at 7:26 PM, Louis Mamakos <louie at transsys.com> wrote:
>
>>
>> On Aug 29, 2014, at 7:01 PM, Rob Seastrom <rs at seastrom.com> wrote:
>>
>> > You, the end user, of course have no control over the clue factor at
>> > the various online services you may use, and you also don't know what
>> > kind of baddies might work for that company to do some kind of inside
>> > job, so re-using passwords across multiple services ought to be on
>> > your "do not want" list.
>>
>> And when you set or change your password at some web site, and they
>> then send you a confirmation email WITH YOUR PASSWORD IN THE CLEAR, you
>> can pretty much be sure the clue factor is non-existent.   Feh.
>>
>> louie
>> wa3ymh
>>
>> _______________________________________________
>> Tacos mailing list
>> Tacos at amrad.org
>> https://amrad.org/mailman/listinfo/tacos
>>
>
>
>
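
The Diceware procedure from point 4 of the message above, as an added example that is not part of the original message: five dice rolls select one of 7776 words, and the keyspace follows from the word count. The software die (Python's `secrets`), the stand-in word list and all function names are assumptions made for this example.

```python
import math
import secrets

DICE_PER_WORD = 5                      # Diceware: five d6 rolls select one word
LIST_SIZE = 6 ** DICE_PER_WORD         # 7776 entries in a Diceware list
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def roll_key(rng=secrets):
    """Return one five-digit dice key such as '41356', using a CSPRNG as the die."""
    return "".join(str(rng.randbelow(6) + 1) for _ in range(DICE_PER_WORD))


def key_to_index(key):
    """Map a dice key to its 0-based row in a sorted Diceware list (base-6 digits)."""
    if len(key) != DICE_PER_WORD or any(c not in "123456" for c in key):
        raise ValueError(f"not a valid dice key: {key!r}")
    index = 0
    for c in key:
        index = index * 6 + (int(c) - 1)
    return index


def passphrase(wordlist, words=7, rng=secrets):
    """Pick `words` entries uniformly and independently from a 7776-word list."""
    if len(wordlist) != LIST_SIZE or len(set(wordlist)) != LIST_SIZE:
        raise ValueError("word list must hold 7776 distinct words")
    return " ".join(wordlist[key_to_index(roll_key(rng))] for _ in range(words))


def entropy_bits(words):
    """Entropy of a passphrase whose words were chosen uniformly at random."""
    return words * math.log2(LIST_SIZE)


def years_to_exhaust(words, guesses_per_second):
    """Years needed to try every possible passphrase at a fixed guess rate."""
    return LIST_SIZE ** words / guesses_per_second / SECONDS_PER_YEAR


# Constructed stand-in list so the example runs offline: "w11111" .. "w66666".
# A real list (for instance the one on www.diceware.com) has actual words.
STAND_IN_LIST = [f"w{a}{b}{c}{d}{e}" for a in "123456" for b in "123456"
                 for c in "123456" for d in "123456" for e in "123456"]

if __name__ == "__main__":
    print(passphrase(STAND_IN_LIST))
    for n in (5, 6, 7, 8):
        print(n, round(entropy_bits(n), 1), f"{years_to_exhaust(n, 1e13):.2e}")
```

The entropy figure only holds when every word comes from an unbiased roll; swapping out words you dislike or reordering them for readability reduces it.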