Why I think strong password generators are a bad idea

22Aug/080

Why I think strong password generators are a bad idea

Recently in twit.tv's MacBreak Weekly, they advised about a simple technique to get secure passwords, by using openssl, then in another episode they talked about 1Password.

The advise was to generate a strong password and have your keychain manager remember it! Now, if you do follow that advise, and set up complex passwords, and have your keychain manager remember it, what happens if your keychain becomes corrupted due to any reason (or your hard disk crashes and you don't have a backup), you would be completely locked out of your accounts, because the password was too complex to remember. Or imagine your traveling and get your laptop stolen (happened to a friend recently), there is no way you can login into any service, because you don't remember the passwords any more. So are strong random passwords really a good idea??

I rather think, that phrases, you remember are better as passwords. Or if possible try to use openssl keys for identification. The best methods I've seen so far, and I think its pretty secure from keyloggers as well, is method used by my bank.

The site does not prompt for the entire password, rather, you have to type in certain characters in the password, for instance:

And every time you login the character a different set of characters is asked. This method is secure from keyloggers for sure, because no one will have an idea what character was asked.

Share and Enjoy: