[PReinie]

Quote

I've thought that in the near future, we could all wear retinal-scanning laser glasses that would supply us with great 3D augmented reality vision, but also supply personal ID. Would also eliminate the need for debit/credit cards. Unless of course, hackers could obtain the retina scan data and use it against you?

They did something like that in one of the James Bond movies. The bad guy had an eyeball from the apprehended good guy. Thunderball, maybe? It had a downed aircraft with a nuclear device which the bad guys stole.

[PReinie]

I've been using this technique since the 90s, but with shorter character counts (8, 9 or 10), but mixing upper, lower and digits. Might have to up the length.

I keep the password hints (never straight text) in separate files, remembering only the most often used, like email.

I had to consult my macworld file to enter the password to log on for this comment. The hint is "you know #13" and I give a few numbers which differentiates it from other passwords using a similar base. If you don't know what "you know #13" is, having the hint file won't do you any good. I memorized my you knows.

For a while I was even using the US on-screen keyboard to enter the password in case a key-logger was running. I stopped because all my machines are clean. NoScript helps with that.

[Twas]

www.grc.com has excellent information on security, including passwords. Gibson Research shows that a long password with multiple types of characters (upper case, lower case, number, maybe special characters) is far superior to a shorter, random password -- see https://www.grc.com/haystack.htm. If you need to remember a password, use multiple words separated by a couple of numbers, with at least one upper case letter. This forces a brute-force approach to cracking the password, so total complexity is the most important element -- number of characters and number of possibilities for each letter.

[sergevolkoff00]

I definitely agree on the password management recommendation. It's practically impossible to pick secure, unique passwords for each site that you have an account on -- and then remember them later!

The 1Password generator seems useful. This is similar to OneLastPass (http://www.onelastpass.com), which I've been using for a while now, except that OLP extracts the password rules from sites automatically in order to create the most secure password that the site will allow. Also, OLP doesn't store the password or login information anywhere, but just re-hashes the master password with the URL every time to deterministically regenerate the password.

From a security standpoint, I think this is even better than LastPass (from which they obviously ripped the name!), since the latter stores the login/passwords on it servers. The risk of this is pretty apparent, since their servers were hacked last year (there's a summary on Wikipedia).

BTW, squid, I totally agree about the sites that disallow pasting of passwords. Even worse are sites like TradeKing that force you manually punch in your password using their onscreen keyboard!

Anyway, thanks for the insightful article.

[johnbrown]

I use TapIN for the iPad - it's just awesome!
http://www.macworld....ml#comment-form

[DHousehusbands]

Hi all, we have also created this easy way to remember the passwords. Hope it can be useful for you!
http://www.desperate...om/magic-words/

[max2013]

I use Intuitive Password. It supports all major browsers and mobile devices, you don't need to manually sync your data, the system does it automatically. The user interface is very nice too. Your data is securely stored on their cloud data center. It is completely free of charge, worth to have a try. https://www.intuitivepassword.com