Slashdot Mirror


Coping with the Avalanche of IDs and Passwords?

Bitwick asks: "The number of web sites and other systems I need IDs and passwords for is finally becoming overwhelming. Right now, I tend to use a small selection of IDs and passwords. I know this isn't an ideal situation, but so far it has been the most practical. However, it has become clear to me that this needs to change. I am planning to get a USB keyfob and a password manager to keep track of my IDs and passwords. What experience have you had with password managers? What's good, what's bad, what features are important? Are there other reasonable and secure alternatives?"

3 of 120 comments

  1. Password algorithm by spineboy · Score: 4, Insightful

    You can have a different password for each site if you make an algorithm for your password that involves the website. I.e., have a standard password and add a few letters of the site's name, or add game to it if it is a game site, pron if it is that type of site, etc. Be creative and make it easy and it should work for you.

    --
    ..........FULL STOP.
  2. Re:From another /. story... by fmaxwell · Score: 2, Insightful

    You do realize that to 99.99% of Slashdot readers, including those who make their living as software engineers, that's completely incomprehensible, don't you? That's the reason why they invented comments.

  3. Re:Pick a few by Sancho · Score: 2, Insightful

    A long and obscure password means you are probably never going to be brute-forced. Good for you. But shorter, unique passwords for each site are better for security for your average person.

    Crackers don't want your login and password--they want any login and password--precisely because so many people reuse passwords across multiple sites. If they manage to recover your password through a site hack or phishing scam (yes yes, you're on Slashdot, you're not going to fall for one of those) or a cross-site scripting attack, all your sites are now compromised. Your 20 character password means diddly.

    A different 8-character password that will survive a dictionary attack for each site you use would be orders of magnitude more secure. As I said, no one wants your password (if you happen to be the president or a particularly "important" person, forgive my belabouring of that point). No one's going to brute-force your password, they're going to try common passwords for multiple usernames or simply hack the site to recover it. Having a password that will survive a dictionary attack solves the first problem, and not using the same password at every site mitigates the damage caused by the second problem.
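
An added example, not part of any comment above: a self-audit of a password list that groups sites sharing one underlying secret, counting both exact reuse (the risk described in comment 3) and a standard password with a few letters of the site's name attached (the scheme in comment 1). The vault contents, function names and the 3-letter minimum fragment are assumptions made for illustration.

```python
import secrets
import string
from collections import defaultdict

# Constructed sample vault (site -> password); none of these are real credentials.
SAMPLE_VAULT = {
    "slashdot.org": "Base#Pass9sla",
    "examplebank.com": "Base#Pass9exa",
    "forum.example": "hunter2hunter2",
    "shop.example": "hunter2hunter2",
    "mail.example": "q7#Vd2mK",
}

def site_label(site):
    """First DNS label of the site name, e.g. 'slashdot' for 'slashdot.org'."""
    return site.lower().split(".")[0]

def strip_site_fragment(site, password, min_len=3):
    """Drop a prefix or suffix made of the leading letters of the site name.

    What remains is the reusable base that the entry shares with other sites.
    """
    label = site_label(site)
    lowered = password.lower()
    for n in range(len(label), min_len - 1, -1):  # longest fragment first
        fragment = label[:n]
        if lowered.endswith(fragment):
            return password[:-n]
        if lowered.startswith(fragment):
            return password[n:]
    return password

def audit(vault):
    """Return {base: [sites]} for every base secret used on more than one site."""
    groups = defaultdict(list)
    for site, password in vault.items():
        groups[strip_site_fragment(site, password)].append(site)
    return {base: sorted(sites) for base, sites in groups.items() if len(sites) > 1}

def new_password(length=8):
    """Independent random password per site; 8 is the length used in comment 3."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    for base, sites in audit(SAMPLE_VAULT).items():
        print(f"{len(sites)} sites share one secret: {', '.join(sites)}")
```

Every site listed in a group should get its own `new_password()` value, since one recovered entry exposes the rest of that group.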