On Apr 26, 2011, at 1:34 PM, Tina K. wrote:

> It doesn't have to be complex. Using a random generator such as RPG and
> an *encrypted* password repository such as Pastor, PasswordWallet,
> Keychain Access, 1Password, etc… provides good security without having
> to resort to memorizing or writing them down.

Sigh. Never EVER EVER rely on a single encrypted source to remember important stuff like passwords. A plain text (as in written on a piece of paper!) backup, locked securely away, is important. What if something happens to the encrypted file? You're SOL. (And that goes 10X higher if you're a company and it was the root password for the 'Accounts Receivable' DB.)

"Hey look! 8-) it's sn0w1ng Macintoshes outside!" is AS SECURE as anything RPG will generate, because while it's true that a truly random password string is more secure against cracking, the passphrase chosen is secure enough. And more importantly, I NEVER need to write it down....

The bestest, mostest random password RPG will ever give you is USELESS if the method of cracking in doesn't involve cracking the password, but a social engineering attack, a MITM attack, a keylogger, etc.

Far too many people fetishize long, random passwords as teh shizzle of computer security, when they're not (and there's not a whole lot of evidence that they've been all that good at preventing compromise in the first place, mainly because of the human element).

This is why banks (among other reasons like people using 'password' for their passwords) have moved to multi-factor authentication. You need to enter your username/password AND the little picture needs to be correct; or they use RSA dongles. (Themselves hacked at a higher level. RSA *claims* that SecurID is ok, but I'll wager there was a mass need for pants dry-cleaning there... <http://www.schneier.com/blog/archives/2011/03/rsa_security_in.html>)

--
Bruce Johnson
University of Arizona
College of Pharmacy
Information Technology Group

Institutions do not have opinions, merely customs