Password hygiene

After seeing a hack attempt on bugzilla.kernel.org’s password file, I got wondering “what if that had succeeded”. After looking at the stored password database in Firefox, it turned out that I had been quite lazy and had reused my password for that site on many others. Spent a whole afternoon visiting websites to create unique passwords for every login.

As my memory isn’t so fantastic, this means I now keep my passwords written down. The downside of this being a single point of failure (if someone gets this file, they have everything — though they’d need my GPG key & password to read it) is outweighed by the fact that as I don’t have to remember them, choosing longer passwords with more weird characters is possible. Though amusingly, quite a few websites don’t like passwords like 0N}nn:/6hai\h5eM, and complain that they aren’t secure enough.

3 Comments

  1. dilinger  •  Mar 24, 2009 @12:25

    I find the current state of web passwords incredibly frustrating. I don’t need passwords for every blog site, news site, forum, and mailing list that I’m subscribed to. We really need some kind of browser tool that manages passwords on our behalf, with the ability to synch across multiple machines, and doesn’t require copying/pasting of passwords back and forth.

    Sigh.

  2. a9db0  •  Mar 24, 2009 @13:03

    Foxmarks can manage synchronizing passwords, bookmarks, etc. across multiple installations of Firefox. Works well for bookmarks. For passwords, there is always a TrueCrypt container with a KeePassX data file stored on Dropbox. Convenient, as all of the passwords are available from the web. Secure, assuming you use three unrelated strong passwords for the three services, and easy, as all three have user-friendly front ends.

  3. AdamW  •  Mar 24, 2009 @14:07

    I use a password manager, Revelation. If transportability is important, you can keep a copy of the database and a copy of Revelation (for Linux) and some Windows password manager (there are a few) on a USB stick.