Comments on: Wishful Security Thinking http://mps.blog.webplumbers.com/2007/10/17/wishful-security-thinking/ Technical notes and societal musings Wed, 17 Oct 2007 17:37:49 -0700 http://wordpress.org/?v=2.8.4 hourly 1 By: admin http://mps.blog.webplumbers.com/2007/10/17/wishful-security-thinking/comment-page-1/#comment-24 admin Wed, 17 Oct 2007 17:37:49 +0000 http://mps.blog.webplumbers.com/2007/10/17/wishful-security-thinking/#comment-24 So here's the twist that I forgot to put in the entry... I never received a password in the mail. Did I elect a different option (I chose edelivery of everything) than you or was it intercepted? I'm not sure... so now I'm changing my random password to another random password. Sigh. I balance usability with a thumbdrive. :) So here’s the twist that I forgot to put in the entry… I never received a password in the mail. Did I elect a different option (I chose edelivery of everything) than you or was it intercepted? I’m not sure… so now I’m changing my random password to another random password.

Sigh.

I balance usability with a thumbdrive. :)

]]> By: William Dougherty http://mps.blog.webplumbers.com/2007/10/17/wishful-security-thinking/comment-page-1/#comment-23 William Dougherty Wed, 17 Oct 2007 16:50:25 +0000 http://mps.blog.webplumbers.com/2007/10/17/wishful-security-thinking/#comment-23 Thanks for the link Matt! Yes, yes, I know I shouldn't reuse passwords ever. Shoot me. I'm a user! The problem with most of the solutions you recommended are that they are not easily portable, and I use at least 6 different computers on a daily basis. By "common password," I meant a password based on an algorithm I use that allows me to remember different passwords for each site. For example (and this is not it!): combine the an acronym for the site name, with a number, such as an important date, and a special character...www.schwabplan.com might then become SCHWB1225! Hard to guess, easy to remember (who doesn't associate their 401K with Christmas?), and unique per site. Your advice is of course solid. Unique, random passwords are best, but you must always balance usability. And your random password still ain't worth a damn if Schwab writes it down and someone else intercepts it. -B Thanks for the link Matt!

Yes, yes, I know I shouldn’t reuse passwords ever. Shoot me. I’m a user! The problem with most of the solutions you recommended are that they are not easily portable, and I use at least 6 different computers on a daily basis.

By “common password,” I meant a password based on an algorithm I use that allows me to remember different passwords for each site. For example (and this is not it!): combine the an acronym for the site name, with a number, such as an important date, and a special character…www.schwabplan.com might then become SCHWB1225! Hard to guess, easy to remember (who doesn’t associate their 401K with Christmas?), and unique per site.

Your advice is of course solid. Unique, random passwords are best, but you must always balance usability. And your random password still ain’t worth a damn if Schwab writes it down and someone else intercepts it.

-B

]]>