Comments about ‘Secret security: The only password you'll ever need’

Return to article »

Published: Thursday, Feb. 6 2014 4:00 a.m. MST

Comments
  • Oldest first
  • Newest first
  • Most recommended
DonP
Sainte Genevieve, MO

Either this problem is solved, or this will be the end of the Internet as we know it. People are not going to put up with all the hassle. So you have 500 passwords in a box with only one password. That means you have one password.

andyjaggy
American Fork, UT

The problem is websites force you to use arbitrary and ridiculous passwords in order to be "more secure" lots of random symbols and numbers instead of words, forming passwords that are near impossible to remember. If you do the math a password such as "ilikesushialotfordinner", is much much more secure than "Tre$i66Ft", and is a whole lot easier to remember.

Troy Hunt
Sydney, 00

The problem with regards to andyjaggy's comment about maths is that unfortunately this view completely neglects to consider uniqueness. Whilst ilikesushialotfordinner is a fine password in isolation, once it's disclosed and made available to a password dictionary it is forever more compromised. Now you need unique phrases which gets increasingly difficult to commit to memory. People try applying patterns related to the site the password is created on but this then becomes difficult when it needs to be changed. Many sites also disallow certain characters (such as letters - banks and airlines are major culprits of this) or have very limited allowable lengths (there are many sites demanding 10 or less characters).

This is why I advocate a password manager: once the passwords you create for sites are no longer constrained by your mental capacity, the entire process because very simple and massively more secure.

Kalindra
Salt Lake City, Utah

Here is the question I have about password managers - if all your passwords are in the password manager, which can be accessed from any device anywhere, doesn't that mean that if someone figures out which password manager you use, they only have to figure out that one password to have access to all your accounts? How is that different from having just one password for all your accounts - someone still only has to figure out one thing in order to hack you totally.

It seems to me that password managers actually don't really do much to increase your security.

I like the idea of a generic password for one time sites or sites where security does not matter so much (such as online comment boards) and unique passwords for sites that need to be more secure. Dual authorization is also a fantastic way to go for sites that have more personal information.

I know it. I Live it. I Love it.
Provo, UT

Kalindra,

There is a problem still.

I wouldn't suggest putting all your passwords in one place with one master password, because it's only as secure as having one password. But there is still a difference. It is still worse to use the same password for everything.

Here's a potential example.

Name: Sally Faker
Email Address: soccermom1975@fake-email
Username: soccermom1975
Password: cheesecake

Now let's say Sally uses that same user name and password for:
* Amazon
* Gmail
* Your Bank
* PayPal
* John-Doe-Recipes

If John Doe created his recipe site ONLY to get people's user name's and passwords... then once you sign up with your email address, he can now use that info to get into your email. Then he can not only order stuff with your "payment info on file" but he can access your bank account and potentially do more damage than some simple fraudulent charges.

At very least, use a different password for your email account than you do everything you sign up for with that email account.

Chad S
Lorton, VA

1Password is only good if you take your laptop everywhere with you. What if you want to check your bank statement from a friends computer? Good luck if you have a randomized 38 character password generated by 1Password. Some accounts require passwords that are easy to remember. Period. So, it makes sense to change those more frequently. I'm hoping that Apple will figure out a way to get the fingerprint scanner on the iPhone 5 into their laptops for additional security.

I know it. I Live it. I Love it.
Provo, UT

Chad S,

HP figured out how to add fingerprint scanners years ago. My 4 year old laptop already has one.

You're just looking in the wrong place. ;)

to comment

DeseretNews.com encourages a civil dialogue among its readers. We welcome your thoughtful comments.
About comments