Bugs & Viruses

If you want to ensure you have adequate passwords but don't have the time or interest to study the topic, there's a useful basic article on how to devise strong passwords over at the NY Times. It summarizes key points in 9 simple rules of thumb. Also see the follow-up article for useful reader feedback. Stay safe!
RE[5]: make 'm long
by Laurence on Mon 12th Nov 2012 09:15 UTC in reply to "RE[4]: make 'm long"
(sorry for replying to you over two posts - I didn't spot the 2nd half of your reply until I'd already responded)

I'm not talking about security through obscurity, but the relative unlikeliness that a password written down will be any less safe.

Your hacked Paypal account was not hacked because you wrote down your password and it was copied somehow. None of the hacking cases, as far as I know, was because they wrote down the password.

Which is what "security through obscurity" means. I do sympathise with your sentiment, but discussing the likelihood of being targeted or having a stored password located does fall under security through obscurity. And while you are right that the likelihood is low, I'd rather offer up some genuine security advice instead of luring people into complacency. After all, unlikely scenarios do happen all the time.

The advice I gave was to use a hash generator to provide a random password. This way you don't need to store passwords as you only need to remember 1 password (and the salt, but the salt will be your application / website name) and from that you can just generate your password each time you need to log in and you can guarantee to have the same password for that service each time.

Thus with my method, you have a random, unique and secure password for each service - and are not forced into a position of having to write your passwords down. It's a win-win.
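The scheme described in the comment above, as an added example that is not part of the original comment: one memorised master password plus the site name as salt always regenerates the same per-site password. Assumptions made here: PBKDF2-HMAC-SHA256 stands in for the bare "hash generator" so that guessing the master password from one leaked site password is slow, and the `counter` parameter and the function name `site_password` are hypothetical additions that allow a single site's password to be rotated.

```python
import base64
import hashlib
import unicodedata

# Assumed work factor: each guess at the master password costs this many HMAC rounds.
ITERATIONS = 600_000


def site_password(master: str, site: str, counter: int = 1, length: int = 20) -> str:
    """Derive the password for `site` from one memorised master password."""
    if not master or not site.strip():
        raise ValueError("master password and site name are both required")
    if not 8 <= length <= 43:
        raise ValueError("length must be between 8 and 43 characters")

    # The site name is the salt, as in the comment. It is normalised so that
    # "Example.COM " and "example.com" regenerate the same password.
    # Raising the counter yields a fresh password for that one site only.
    salt = f"{site.strip().lower()}:{counter}".encode("utf-8")

    key = hashlib.pbkdf2_hmac(
        "sha256",
        unicodedata.normalize("NFKC", master).encode("utf-8"),
        salt,
        ITERATIONS,
        dklen=32,
    )

    # URL-safe base64 keeps the result typeable: A-Z, a-z, 0-9, '-' and '_'.
    # 32 bytes encode to 43 characters once the '=' padding is stripped.
    text = base64.urlsafe_b64encode(key).decode("ascii").rstrip("=")
    return text[:length]


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    master = "correct horse battery staple"
    for name in ("example.com", "example.org"):
        print(name, site_password(master, name))
```

Every derived password is only as strong as the master password, and a site that demands specific character classes or a forced reset needs the counter (or a note of the exception) to be remembered as well.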

