Fiendishly complex password app extension ships for iOS 8 AgileBits wants more apps to use 1Password's strong passwords, and has released an extension on github to that end. The idea is that app developers can grab the extension, write a few lines of code into their apps, and allow their app users to create strong passwords during registration. Naturally, this would also push users …
am i the only one feeling uneasy about handing the key to various apps/websites to 1 single company?
i haven't decided if its a good or bad idea, something akin to having all my cash in 1 place (where i can keep an eye on it) or spread out all over the place (where a loss doesn't have such a big impact)
I've been using LastPass for a while now, seems pretty robust across ios / mac / windows / usb key using chrome and safari. It creates 'random' passwords as required, mine are mostly 20 characters long as a minimum, providing the site allows.
As for handing keys to one company, the local copy of LastPass encrypts the keys before syncing through the central server with each platform. The '1company' only has access to the encrypted usernames/passwords and never sees the encryption key, with AES256 it's about as safe as required. It's certainly safer than using the same 8 char password with multiple sites which is what I used to do.
It's been said many times before, but frankly I'd rather websites and apps stop forcing users to use strong passwords when the content they secure is worthless. Sure my bank should require a strong password, and paypal, and e-bay, and e-mails, and maybe even facebook (uuugh). Although two factor security would be far more reasonable: like gmail has (and paypal can afford to send me a text message to my mobile). Other websites essentially just keep my information private, and that's not worth much. I propose 4 classes of website - privacy, store account (without payment details retained), e-mail and social presence, payment/banking. I see no reason as to why privacy should be maintained by a unique strong password.
...because in the real world not all websites will fit nicely into your categories and some will move from one to another depending on how they and/or your use of them changes over time.
Rather than manage this change, it's easier and more secure to have unique and strong passwords for everything. There are lots of ways to manage them now - KeePass, LastPass etc...
Currently the weakest password that I use is in fact at my bank. They still insist that passwords are not case sensitive, and won't allow "special" characters.
But they do provide significant added security by demanding to know my mother's "maiden" name.
Try Virginmedia's borked e-mail set-up - e-mail passwords, must be between 8 and 10 characters long, must start with a letter, cannot contain spaces. And apparently some word combinations are forbidden. Trying to generate something secure is horrendous.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
