[GRLUG] hacked

Mike Williams knightperson at zuzax.com
Thu Jul 28 01:03:10 EDT 2011


The key word there is passwords, plural, not password, singular. Yes, if 
you can't memorize a single password then you have problems. But 
expecting a human to recognize twenty different, unique, unguessable 
passwords is asking a lot. Especially if it's one that you will only 
need every few months. How many separate, random passwords can you keep 
in your head, and how do you keep track of which one goes with which site?

The problem is that if you only have one password, or a multiple-tier 
system where you maintain three or four, then if one of those sites is 
compromised, so is the information in all the other sites where you used 
that password. LastPass and similar systems save you from this by 
forcing you to remember just the one good password, easily within the 
capability of most adults, and use that one to unlock unique passwords 
for everything else. If one of those sites is compromised and the 
password database stolen (which happens far more often than it should) 
then the rest of your passwords are safe.

On 07/27/2011 06:23 PM, Adam Tauno Williams wrote:
> On Wed, 2011-07-27 at 16:59 -0400, Mike Williams wrote:
>> I second the LastPass suggestion. It's really the only viable way to
>> maintain complex, unguessable, and unique passwords without having
>> some kind of mutant password-memorizing superbrain.
> Huh, I must have one of those.
>
> Just to go on record: I dismiss the notion that an adult human can't
> trivially memorize a ten character 'random' string as total and absolute
> bull crap.
>
> If you have trouble memorizing a ten character string you should
> immediately make an appointment with a mental health professional;  soon
> it will be an inability to memorize eight characters, then six
> characters, then you'll get lost finding your way home [which requires
> the equivalent of terabytes of information].
>
>

