The everyday agony of the password

By Rich Mogull, Macworld |  Security, passwords

You want an alternative? Use a passphrase with at least 15 characters. Something that you can remember, but that's so long that no automatic tool could ever brute-force its way through it. Perhaps a nice movie quote? Just make sure it isn't from a popular movie. Anything from Star Wars, Star Trek, Die Hard, or Jerry Maguire is off the list. Don't even think of going near The Princess Bride or the 1980s G.I. Joe TV show. Best to stick with something obscure--perhaps some Ukrainian post-expressionist new-age stop-motion noir. In the original Ukrainian--definitely not the Russian translation, and you know why. Then try to type it into your iPhone without a mistake within three tries before you lock yourself out of your account or, worse, erase the whole phone.

And, never forget that every time that you use the same password for two different sites, services, or computers, a kitten dies.

One password to rule them all?

Sure, you can always follow the recommendations that we here at Macworld have been harping on for years. Start by using a password manager such as 1Password or LastPass, which generate long random passwords for you and protect them all behind one main, strong password. They work great; and once I bought 1Password, I stopped worrying about all those websites that I used Muppet83! for (I miss that dog).

Except for iTunes, of course. Apple requires you to enter your password every time you buy anything, and sometimes prompts you for it seemingly at random, just to make sure you're paying enough attention. Or iCloud, which seemingly requires you to reenter the password on every device, for every service, every time you're foolish enough to make the smallest alteration in your iMessage settings. On iOS you can't always jump away from the password prompt for system-level items, making it difficult to grab the correct entry from your password-management app and paste it in.

As for your even slightly less technical friends and family, good luck teaching them how to use a password manager and synchronize it reliably over multiple devices. Think about all the times when your password manager stored your full name as the username, or couldn't paste the password into the nice HTML slide-down login field, or couldn't associate a generated password with the proper login page. A mere annoyance for a technically proficient user is a game-ender for an average person who just wants to log in to a vegan cake-decorating forum safely.

At this point, don't even think about mentioning the Keychain Access Utility.


Originally published on Macworld.