I've been getting a trickle of "time to change your password" emails due to Heartbleed.
So once again, the issue of a good password strategy comes up. In the perfect world, I'd love the 2-factor approach: password + generated PIN. Especially if a single PIN generator could be used, like Google Authenticator. In addition, lots of sites let you log in with Google, Facebook, Twitter and others. So if we have a small number of 2-factor providers, the hassle would be minimized.

Why would this be useful? You could use a small set of passwords for various 2-factor providers and attach your several hundred logins to them. You could also use much simpler passwords, because password vulnerability would no longer completely expose you to the bad guys, unless they steal your mobile devices (phone, tablet, etc.).

Google has the notion of "trusted devices" which reduces the PIN annoyance on your own devices: laptop, phone, tablet, etc. It also has backup passwords for apps/devices which cannot manage the 2-factor login. It's been fine for me for over a year.

Is it time to migrate to 2-factor as much as one can?

-- Owen
============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
