I took me while to figure out what it was – I’d opened the App Store on his Mac right before I left to see if his machine was eligible to upgrade to Mavericks and I forgot to close it. For example, last weekend after we left from visiting he sent me a very concerned email that he had a very large popup that was from Apple and was demanding that he upgrade to Mavericks. Ken is quite clever and is a fabulous resource on investment advice, but he is completely stymied when things don’t act predictably on the computer. I know, all I have to do is click on the LastPass icon in the browser toolbar, search for the site and select password, but it’s an extra step beyond the magic it can sometimes do. Some sites use a popup that evidently is completely invisible to LastPass and it doesn’t enter anything at all. It worked flawlessly with LastPass as my browser plugin!īut then I went to my credit union and they expect the user name on one page and after you click go only then do you get to enter your password, so LastPass gets confused (oddly it doesn’t enter the user name but does enter the password). ![]() That meant grabbing a computer, going to /authorize, selecting Verizon FiOS as my ISP and then entering my username and password. I think I’m getting close to talking them into this but then I got to thinking – how well will they adapt to the less than perfect experience you get with these password managers? Today we switched AppleTVs around in our house so when we went to HBO Go to play Game of Thrones it asked for an authorization code. Having all that information in one place is a concern and so far I’m just barely getting a crack into them that their own ability to create and safely secure a good set of random passwords is much worse than the possibility of something like LastPass or 1Password even being able to be cracked. However, Steve’s parents are so security conscious that they don’t yet trust the idea of a password manager. He was delighted that there was an easy solution to making it secure. With Password Haystacks I was able to show him how padding his password with some meaningless special characters (even repeating characters) took it in to the hundreds of centuries to crack if he doubled it in length. Even substituting a number for one of the letters didn’t take more than moments to crack in an offline scenario with a good compute server. I like this tool because it helped me illustrate how a password generated by the first letter of every word of a phrase isn’t all that hard to crack since it was only 8 characters long. I’ve showed him Steve Gibson’s Password Haystack where you can learn what the effect of adding more characters and more types of characters can do to affect how long it takes it to get cracked. ![]() Ken and I have spent a great deal of time discussing what makes a good password, and he trusts my advice on how to strengthen his own. Steve’s parents are VERY security conscious and like all of us struggle with multiple passwords.
0 Comments
Leave a Reply. |