Friday, January 03, 2014

Forget your weak passwords

Like everyone else on the internet, I hate passwords. I wish everyone would let me log in with my existing accounts like this:
[Image: identity provider login]
But they don’t, so I have two passwords: my strong password, which I use for my email and banking, and my weak password, which I use on all other internet sites. Today I realized I don’t need to use a weak password. Most sites have a password reset feature that sends you an email, and if you click the link in that email you can change your password whenever you want, so: Use a random password for sites that do their own authentication and forget the password!
  • Whenever you want to log in, request a password reset.
  • Click on the link in your email, which will take you to a reset screen.
  • Make a random password and copy it to your clipboard.
  • Use the password on your clipboard to set a new site password and log in.
Because of the password reset feature, access to your email account is really access to all of your accounts, so: Guard your email password
  • Make your email password random and complex.
  • Use two-factor authentication (SMS or an authentication app).
  • Never re-use your email password.
Enjoy forgetting your weak passwords!

2 comments:

Dzmitry Lahoda said...

Yours is a workable solution.

I use the following (maybe some will visit this page and choose):
1. Very complex, service-dependent passwords (e.g. if this is PayPal then I could append p2a2y1l1), which I use only in a secured portable browser (other than the one I use for daily browsing), for finance and banking.
2. Complex, date-dependent (could add year and month and Chinese year according to some rule) and service-provider-dependent passwords for mail and other authentication providers. I use totally different ones for Microsoft and Google.
3. Very simple and maybe year-dependent passwords for untrusted or throwaway sites which do not allow usage of authentication providers.
4. A very complex password for local encryption, different from any other online passwords, e.g. while using TrueCrypt.