Passwords

I’ve whined often about the password requirements of different sites over the years. Must be at least X characters in length, but cannot exceed Y characters. Must have at least three of A, B, C and D types of characters. All of J, K and L characters are prohibited. Cannot contain more than two repeating characters. Cannot contain your user name, birthdate, or social security number. Cannot contain any dictionary words. Must differ from any previous passwords by at least three characters. Must be changed every three nanoseconds. Cannot be any of the last 6.022×10²³ passwords that you’ve used. Okay, maybe I made up the last two.

I still think it is stupid as hell. Especially when some of the most restrictive are sites that don’t really use or require any really sensitive data. But, if we’re going to participate online, we must play by whatever rules are in place.

Did I mention that online scams and identity theft should be capital crimes? If companies would invest the money they are happy to write off as fraud losses into putting bounties on these fuckers, that shit would stop in a hurry. Nigerian Prince Shithead defrauds someone to the tune of a million dollars. Put a million dollars on his head. Even my fat, old ass will hunt him down, mount his head on a pike, and bring the rest of his body in for that kind of coin. Mount a few heads, and dumbasses will find alternative ways to make money. But I digress.

Recently, I signed up for a password manager. I won’t name it, since I’m still getting used to it. I’m not sure whether I love it or hate it yet, and I want to give it some time before I express any sort of opinion. The idea is great. Have a program remember your passwords for you and have it pre-fill them as needed, like browsers try to do for forms, locally stored passwords, etc., but make it work on individual apps and across platforms, not just on one browser on one machine. Use one strong password to protect the lot of them. I have almost a hundred sites saved already, and I know that there are probably twice that many more that I haven’t entered yet for forums or sites that I seldom visit but where I still have an active account.

But…

Anything can be hacked. Password managers would seem to be prime targets for hacking, since breaking a client’s master password or otherwise accessing their vault would give you all their sites and logins. The fucking mother lode. I’m sure that these companies take security seriously, but how many resources can they really afford to throw at ad-supported or trial versions with limited features? And let’s face it, that is what most people will use. Because money.

I’m beginning to think that a local, encrypted file and a paper notebook physically in my possession would be a better choice. Sure, Mr. TooFuckingLazyToGetARealJob can hack me with relative impunity. But what does he do if what he wants isn’t accessible online? Sure, he can easily find me. But does he have the intestinal fortitude to break into my home and take my computer, where he will still have to break the encryption to access my list? What about taking my notebook from my person? That carries the real possibility of physical violence. He will likely move on to an easier mark, and I will have won.

We live in an online world. Most of the time, it’s great living in the future. But nothing is completely safe. It’s all about managing risk. Risk versus convenience, in most cases. Is it worth having to thumb through my notebook before being able to check my bank balance? I think it might be.


3 Responses to Passwords

  1. Steve says:

    Hi,
    Regarding passwords, I’d recommend two links that made a lot of sense to me.
    1) From the Human Factors engineer who worked on the design of the Apple Mac, Bruce Tognazzini writes about the factors going into security including passwords,
    and
    2) Noted security researcher Bruce Schneier writes about choosing secure passwords, and maintaining them. He changed my opinion about writing them down, at least in my house & for less than total security (banks, etc) accounts.

    — Steve

  3. bbuddha says:

    In my house we have both forms going. My significant other uses a password manager. I use a notebook. My safety is, even if they find the right notebook and the right page, then they have to decide which of the many passwords I have written down are in use currently. They aren’t in order. I can remember the password when I see it.
    I agree with you that ID theft should be a capital crime, and the victim should be able to choose the means.
