Well, yet another scare today ... an email to me from the name of someone I know but from a bogus email address. You know: "best friend" <[email protected]>.
So I've looked into cranking up the password security a bit. It seems that the two most important ideas are:

1 - Long passwords
2 - Unique passwords, different for each site

I realize password managers (KeePass, 1Password, ..) can generate gibberish passwords, any length you'd like. But it'd be nice to be able to remember them yourself. Besides, password managers don't work everywhere in these days of the "app" because they are browser centric.

So looking into common pw formulas, like http://healthypasswords.com/ & lifehacker http://goo.gl/hZ5rB propose, the site specific stunt is something like:

az@xxxxx!yyy

"sandwich" where I have a core xxxx or set of them, with prefix/postfix identifiers. In this case, az for amazon, and yyy for something else like b00ks. And yes you can scramble where az goes etc, but once a formula is seen, it's not going to be that hard to figure it out for google etc. Thus, even though long and unique, it still could be fragile.

So the choice does appear to be either a password manager and gibberish, or a nifty, human rememberable system that may be fragile.

Has anyone tried the two-factor stunt? Google uses SMS & your phone. I don't know what it would be like to use, but many sites lately allow you to log in via Google, Facebook and others, so if the Google login is 2-factor secure, maybe that's a good solution? Seems like it might be a pain and fail if your phone isn't working.

-- Owen

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
