I’ve whined often about the password requirements of different sites over the years. Must be at least X characters in length, but cannot exceed Y characters. Must have at least three of A, B, C and D types of characters. All of J, K and L characters are prohibited. Cannot contain more than two repeating characters. Cannot contain your user name, birthdate, or social security number. Cannot contain any dictionary words. Must differ from any previous passwords by at least three characters. Must be changed every three nanoseconds. Cannot be any of the last 6.022×10²³ passwords that you’ve used. Okay, maybe I made up the last two.
I still think it is stupid as hell. Especially when some of the most restrictive are sites that don’t really use or require any really sensitive data. But, if we’re going to participate online, we must play by whatever rules are in place.
Did I mention that online scams and identity theft should be capital crimes? If companies would invest the money they are happy to write off as fraud losses into putting bounties on these fuckers, that shit would stop in a hurry. Nigerian Prince Shithead defrauds someone to the tune of a million dollars. Put a million dollars on his head. Even my fat, old ass will hunt him down, mount his head on a pike, and bring the rest of his body in for that kind of coin. Mount a few heads, and dumbasses will find alternative ways to make money. But I digress.
Recently, I signed up for a password manager. I won’t name it, since I’m still getting used to it. I’m not sure whether I love it or hate it yet, and I want to give it some time before I express any sort of opinion. The idea is great. Have a program remember your passwords for you and have it pre-fill them as needed, like browsers try to do for forms, locally stored passwords, etc., but make it work on individual apps and across platforms, not just on one browser on one machine. Use one strong password to protect the lot of them. I have almost a hundred sites saved already, and I know that there are probably twice that many more that I haven’t entered yet for forums or sites that I seldom visit but where I still have an active account.
Anything can be hacked. Password managers would seem to be prime targets for hacking, since breaking a client’s master password or otherwise accessing their vault would give you all their sites and logins. The fucking mother lode. I’m sure that these companies take security seriously, but how many resources can they really afford to throw at ad-supported or trial versions with limited features? And let’s face it, that is what most people will use. Because money.
I’m beginning to think that a local, encrypted file and a paper notebook physically in my possession would be a better choice. Sure, Mr. TooFuckingLazyToGetARealJob can hack me with relative impunity. But what does he do if what he wants isn’t accessible online? Sure, he can easily find me. But does he have the intestinal fortitude to break into my home and take my computer, where he will still have to break the encryption to access my list? What about taking my notebook from my person? That carries the real possibility of physical violence. He will likely move on to an easier mark, and I will have won.
We live in an online world. Most of the time, it’s great living in the future. But nothing is completely safe. It’s all about managing risk. Risk versus convenience, in most cases. Is it worth having to thumb through my notebook before being able to check my bank balance? I think it might be.