[Macworld]

Post your comments for How to remember passwords (and which ones you should) here

[danviento]

Personally, I'd add one more type of password to your list to memorize: Bank Accounts.

Not that it should be simple, but there have been many times when I've needed to access financial data while at work or a place where I don't have my personal computer.

Having these memorized, but not stored, ensures that even if someone does get past the myriad layers of protection, direct access to your accounts isn't available except for what's in your head.

Some might say that this is risky because they won't be random enough, but my financial institutions don't limit my passwords to number or type of characters, so mine can have all of the odd capitalization, numerals and punctuation that a random password generator gives you. And if you think typing 20+ characters is tedious, I can tell you it goes much quicker after the first dozen or so logins. Now, I can type them off while mult-itasking without even thinking about them.

Just my 2 cents.

[Gunni]

What is the point of those sites which will not allow you to cut and paste a password into their username/password boxes?

I don't see how that adds any security. It is in fact a disincentive to using a strong password generator like 1Password.

I think that happened to me when I tried to log into Google Drive. I tried several times to type in the long and complicated password generated by 1Password but finally gave up in disgust and deleted Google Drive from my Macs.

[bastion]

Gunni, on 28 November 2012 - 05:48 AM, said:

What is the point of those sites which will not allow you to cut and paste a password into their username/password boxes?

It takes one line of JavaScript for a web page to get the contents of your clipboard, after which it has any number of opportunities to communicate it back to a remote host. Disallowing paste into password fields is an attempt to discourage people from putting their passwords on the clipboard in the first plce, thus exposing them to malicious sites.

[BryanVines]

Quote

It takes one line of JavaScript for a web page to get the contents of your clipboard, after which it has any number of opportunities to communicate it back to a remote host.

I did not know that. Somehow I figured the clipboard was immune from that sort of thing, but now that I think on it, I know of sites that will (helpfully, and with my consent) populate the clipboard with, say, a company's contact information.

Thanks for the reminder!

[Andyz]

I have found that old addresses (from long ago), or that of a favorite relative can create great passwords and because street names and capitalized first letter and most addresses have a random number. So 29SouthsideWalk or even #1302thritysecondst10001 will fox most attempts and be memorable.
FYI I have found Password Wallet and excellent iPhone/iPad, MAC client

[hayesk]

I just wish Apple offered a password API in iOS, so 1Password could be integrated with Safari on iOS.

[BigBopper]

In the backup topic, you should talk about back ups of the encrypted password storage of applications like 1Password. Especially if you use generated passwords, it will be difficult to recreate them if the file is damaged or lost.

Besides my general back up procedures, I use both the desktop and iPhone versions of 1Password and sync them. That way, I not only have a back up copy, but I have the passwords available when I am away from home.

[bastion]

BryanVines, on 28 November 2012 - 06:30 AM, said:

Quote

It takes one line of JavaScript for a web page to get the contents of your clipboard, after which it has any number of opportunities to communicate it back to a remote host.

I did not know that. Somehow I figured the clipboard was immune from that sort of thing, but now that I think on it, I know of sites that will (helpfully, and with my consent) populate the clipboard with, say, a company's contact information.

Thanks for the reminder!

To be fair, some newer browser releases will pop up a warning and give you a chance to deny access, but I'm not sure when various programs got that behavior and there are certainly people still using older versions of the ones that do have it.

It's also, for what it's worth, trivial to do it in an unobtrusive local program and in that case the user won't see a warning. The way the clipboard works on all modern systems there's no practical way to distinguish legit vs illicit access. Writing a global keylogger is a piece of cake, but it's not especially more difficult to specifically watch for paste commands (both menu and key), check to see if the target application is a browser, check to see if the clipboard contents are a relatively short string and only then logging it, hugely improving the signal-to-noise ratio over a traditional logger. As a bonus, because you've massively reduced the amount of data captured it'll be much less noticeable when you surreptitiously transfer it back to your system.

[wjackman]

Another password that must be memorized is your Apple password, since you use it for iTunes and the Mac App store and 1Password doesn't work with those. Then there's the password for your computer's user account, and the additional accounts on your other computers if you have more than one... I have 1Password and love it, but it still leaves a lot of passwords to remember.

[piratepinion]

I once read a tip to remember passwords, which I have used ever since: think of a sentence that makes sense to you, and then take the first letters of all the words in the sentence. You can make it as easy or difficult as you like, with letters, numbers, other characters, etc. For instance:

I have a blue Volvo which I bought in 2012!

gives you the password:

IhabVwIbin2!

This password is virtually impossible to remember, but every time I have to use the password I just say the phrase in my head while I type and there you go!

Obviously, this is not to replace any of the other security measures that you should take; it's just a way to create difficult passwords that are easy to remember...

[AndrewLyons]

All we need to do now is stop sites all having different maximum and minimum lengths of passwords and different allowed punctuation characters. The lack of standardization makes password creation & recall harder than it should be.

[worldsapart]

Quote

Another password that must be memorized is your Apple password, since you use it for iTunes and the Mac App store and 1Password doesn't work with those. Then there's the password for your computer's user account, and the additional accounts on your other computers if you have more than one... I have 1Password and love it, but it still leaves a lot of passwords to remember.

I use 1Password and am able to access Apple's iCloud, their developer site and other password protected Apple websites. Now, I cannot paste a password into Apple's websites directly, but 1Password can do this. For iTunes & Mac App store, I can copy the password from 1Password and paste it in iTunes.

[SirBaldy]

Passwords make me cranky.

Granted, it's the technology that we have, here and now, so I cope...
BUT
having to use passwords *at all*, having to change them, having to memorise them, is a giant pain in the posterior.

Maybe a skilled MacWorld writer can research what progress has been made in tech that will allow us to ditch passwords forever(?)