Wow, nice in-depth insightful post. Now I know all the pros and cons of password managers. I also like how his previous post praises LastPass as "a great product".
> I’ve been reading... and I’ve come to two simple conclusions: * Use strong passwords but remember them yourself; * Don’t store random, complex passwords that you can’t remember in a password manager; * Use Multi-factor authentication.
Author forgot some important bullet points:
(a) Make them unique across hundreds of services
(b) Change them on regular intervals
(c) Make them conform to arbitrary password rules without sacrificing memorability (length limits, bizarre character restrictions, etc)
> I’ve worked out a system for creating a complex but still easy to remember password...
Unfortunately these extra requirements make any 'clever' scheme to generate secure passwords insufficient, in my view anyway.
Yeah, passwords managers suck, passwords suck, 2-factor can really suck, security questions suck. They suck, but sometimes they're the right tool for the job.
2 comments
[ 3.4 ms ] story [ 12.5 ms ] threadAuthor forgot some important bullet points:
(a) Make them unique across hundreds of services (b) Change them on regular intervals (c) Make them conform to arbitrary password rules without sacrificing memorability (length limits, bizarre character restrictions, etc)
> I’ve worked out a system for creating a complex but still easy to remember password...
Unfortunately these extra requirements make any 'clever' scheme to generate secure passwords insufficient, in my view anyway.
Yeah, passwords managers suck, passwords suck, 2-factor can really suck, security questions suck. They suck, but sometimes they're the right tool for the job.
EDIT: formatting