Secret security: The only password you'll ever need

Return To Article
Add a comment
  • I know it. I Live it. I Love it. Provo, UT
    Feb. 9, 2014 9:34 p.m.

    Chad S,

    HP figured out how to add fingerprint scanners years ago. My 4 year old laptop already has one.

    You're just looking in the wrong place. ;)

  • Chad S Lorton, VA
    Feb. 9, 2014 5:34 p.m.

    1Password is only good if you take your laptop everywhere with you. What if you want to check your bank statement from a friends computer? Good luck if you have a randomized 38 character password generated by 1Password. Some accounts require passwords that are easy to remember. Period. So, it makes sense to change those more frequently. I'm hoping that Apple will figure out a way to get the fingerprint scanner on the iPhone 5 into their laptops for additional security.

  • I know it. I Live it. I Love it. Provo, UT
    Feb. 9, 2014 4:29 p.m.


    There is a problem still.

    I wouldn't suggest putting all your passwords in one place with one master password, because it's only as secure as having one password. But there is still a difference. It is still worse to use the same password for everything.

    Here's a potential example.

    Name: Sally Faker
    Email Address: soccermom1975@fake-email
    Username: soccermom1975
    Password: cheesecake

    Now let's say Sally uses that same user name and password for:
    * Amazon
    * Gmail
    * Your Bank
    * PayPal
    * John-Doe-Recipes

    If John Doe created his recipe site ONLY to get people's user name's and passwords... then once you sign up with your email address, he can now use that info to get into your email. Then he can not only order stuff with your "payment info on file" but he can access your bank account and potentially do more damage than some simple fraudulent charges.

    At very least, use a different password for your email account than you do everything you sign up for with that email account.

  • Kalindra Salt Lake City, Utah
    Feb. 7, 2014 3:28 p.m.

    Here is the question I have about password managers - if all your passwords are in the password manager, which can be accessed from any device anywhere, doesn't that mean that if someone figures out which password manager you use, they only have to figure out that one password to have access to all your accounts? How is that different from having just one password for all your accounts - someone still only has to figure out one thing in order to hack you totally.

    It seems to me that password managers actually don't really do much to increase your security.

    I like the idea of a generic password for one time sites or sites where security does not matter so much (such as online comment boards) and unique passwords for sites that need to be more secure. Dual authorization is also a fantastic way to go for sites that have more personal information.

  • Troy Hunt Sydney, 00
    Feb. 6, 2014 3:14 p.m.

    The problem with regards to andyjaggy's comment about maths is that unfortunately this view completely neglects to consider uniqueness. Whilst ilikesushialotfordinner is a fine password in isolation, once it's disclosed and made available to a password dictionary it is forever more compromised. Now you need unique phrases which gets increasingly difficult to commit to memory. People try applying patterns related to the site the password is created on but this then becomes difficult when it needs to be changed. Many sites also disallow certain characters (such as letters - banks and airlines are major culprits of this) or have very limited allowable lengths (there are many sites demanding 10 or less characters).

    This is why I advocate a password manager: once the passwords you create for sites are no longer constrained by your mental capacity, the entire process because very simple and massively more secure.

  • andyjaggy American Fork, UT
    Feb. 6, 2014 2:07 p.m.

    The problem is websites force you to use arbitrary and ridiculous passwords in order to be "more secure" lots of random symbols and numbers instead of words, forming passwords that are near impossible to remember. If you do the math a password such as "ilikesushialotfordinner", is much much more secure than "Tre$i66Ft", and is a whole lot easier to remember.

  • DonP Sainte Genevieve, MO
    Feb. 6, 2014 10:51 a.m.

    Either this problem is solved, or this will be the end of the Internet as we know it. People are not going to put up with all the hassle. So you have 500 passwords in a box with only one password. That means you have one password.