Wednesday, June 1, 2016

If you want better and more secure Internet passwords . . .

. . . but don't want the complications, security hassles or expense of a password manager program, there's a simple and very effective way to get them.

Go to the Norton IdentitySafe Password Generator, enter the details it asks for, and click the 'Generate Passwords' button.  I'd suggest a minimum password length of 12 characters for greater security.  When the list appears, copy and paste it into a word processor document, then save it on your hard drive or print it out.  You can generate up to 50 passwords at a time;  for more than that, run the Generator more than once.  As you use each password, note the Web site or account that uses it, then cross it off the list of available passwords.

Short, sweet, simple, and pretty secure.  What's not to like?



Alligosh said...

I beg to disagree, but no. Please don't do that.

Storing passwords in a Word file on your computer is just asking for anyone that can access your computer (either at the physical location, or remote attack, etc.) to gain all your accounts in one nice, tidy file.

Password managers (or "Vaults") are either very inexpensive, or even free. LastPass has a free version, and KeePass is open source and totally free.

Any password manager will generate the passwords for you and store them all behind a single passphrase, while encrypting the entire group. They are simple to use, and secure.

Also, for those of us who are security conscious, it's also a good idea to not use the "cloud" to generate your passwords, in case the wrong people are watching.
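Generating the list locally instead of through a web service, as an added example that is not part of the original post or of any comment: a Python sketch that draws from the operating system's CSPRNG through the standard `secrets` module and produces the kind of batch the post describes (50 passwords of 12 characters). The function names are hypothetical, and the result is meant to be pasted into an encrypted password manager rather than saved to a plain file.

```python
import secrets
import string

# The four printable-ASCII classes most sites accept (an assumption of this example).
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,
)
ALPHABET = "".join(CLASSES)  # 94 characters in total


def generate_password(length=12):
    """Return one password drawn uniformly from ALPHABET using the OS CSPRNG.

    Candidates that miss a character class are rejected and redrawn, so the
    result satisfies typical "one of each" site rules without fixing any
    class to a predictable position.
    """
    if length < len(CLASSES):
        raise ValueError("length too short to contain every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def generate_batch(count=50, length=12):
    """Return `count` distinct passwords, mirroring the post's list of 50."""
    batch = set()
    while len(batch) < count:
        batch.add(generate_password(length))
    return list(batch)


if __name__ == "__main__":
    for password in generate_batch(count=5, length=12):
        print(password)
```

`secrets` is used rather than `random` because `random` is a predictable generator intended for simulation, not for secrets.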

HeroHog said...

That isn't near as secure as you would think and is hard to remember as well. I direct you to XKCD for a much stronger and easier to remember solution:

Snoggeramus said...

What's not to like? You lost me at 'Norton.' :-)

Joe in PNG said...

I prefer to take an old phone number, change some of the digits to similar letters, and others you hold down the shift key

Jeff B said...

The real key to password security is length. Not just throwing a capital letter or symbol, but length.

If one thinks of it in terms of bits of entropy, then as the length increases, the complexity increases exponentially. (This is overly simplified, but think of it as 2 to the power of the length... a 4 character long password, then, would be 2^4, or 16.)

Let's say I have a dog. Call the dog "Casey". If I use Casey as my password, that's 5 characters. If I use C@$3y, that's STILL only five characters (2^5).

If I use "MydogisCaseyandsheisbrownandblack" that's 33 characters (2^33).

This website gives you an idea of how long it would take to brute-force crack a password:

MydogisCaseyandsheisbrownandblack would take 336 Undecillion years.
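The length-versus-substitution comparison from the comment above, worked through as an added example that is not part of the original thread: a Python estimate of the exhaustive-search space for the three passwords mentioned. It assumes an attacker who tries every string over the character classes the password uses; the guess rate is a constructed figure, and the model says nothing about dictionary attacks, which would find a plain name far sooner.

```python
import math
import string

# Character classes an exhaustive search has to cover (printable ASCII).
CLASSES = (
    string.ascii_lowercase,   # 26
    string.ascii_uppercase,   # 26
    string.digits,            # 10
    string.punctuation,       # 32
)


def alphabet_size(password):
    """Size of the union of the character classes that appear in the password."""
    size = sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))
    # Characters outside the four classes (space, non-ASCII) count once each;
    # this is a simplifying assumption of the example.
    extras = {ch for ch in password if not any(ch in cls for cls in CLASSES)}
    return size + len(extras)


def bruteforce_bits(password):
    """Bits of search space: length * log2(alphabet size)."""
    if not password:
        return 0.0
    return len(password) * math.log2(alphabet_size(password))


def years_to_exhaust(bits, guesses_per_second=1e10):
    """Years to try every candidate at a constructed, assumed guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


def compare(passwords):
    """Return (password, length, alphabet size, bits) for each input."""
    return [(p, len(p), alphabet_size(p), round(bruteforce_bits(p), 1))
            for p in passwords]


if __name__ == "__main__":
    samples = ["Casey", "C@$3y", "MydogisCaseyandsheisbrownandblack"]
    for pw, length, alphabet, bits in compare(samples):
        print(f"{pw:35} len={length:2} alphabet={alphabet:2} "
              f"bits={bits:6} years={years_to_exhaust(bits):.3g}")
```

Swapping letters for symbols in the five-character password adds under five bits, less than one extra letter would, while the 33-character phrase lands near 188 bits under the same model.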

Erik said...

I use KeePass myself. It's free and has both a desktop(/laptop) version and one for my smartphone. I can easily move the encrypted file between them, so I can add lots of accounts on my laptop with a real keyboard, and then access it on my smartphone.

It will generate passwords according to your specs, or you can add your own and have it checked. You can also add other information about the account, which is useful for example for bank accounts, you can add the name of your contact and the phone number to the account details.

Not to mention that it supports copy and paste, so you can go into the manager and copy the long and difficult password and paste it into the login box. It makes it less likely that you will write a typo and more likely that you will use good passwords.

If you have lots of passwords to accounts you rarely log into, a password manager is pretty much a necessity. There's no way you will remember 50+ odd passwords to different accounts without it, so you'll end up re-using the same password to lots of accounts.

bmq215 said...

Please don't store your passwords in an unencrypted file. That's even worse than using several different semi-predictable passwords for your accounts. At least then criminals need to do a bit of guessing, rather than being handed the keys to the castle in one fell swoop.

I would be wary of any algorithm based "password generator". Perhaps they have a truly random source behind it but I see no reason to entrust things to a black box when you've got a perfectly good password generator sitting between your ears. Plus you have no idea what kind of trail your usage leaves in their database (probably none, but who knows?)

Length matters more than anything else. The three attacks you're trying to guard against are A) thievery e.g. phishing, someone hacking Norton's database, or an intruder looking through your desk drawer for the list, B) a "brute force" attack where hackers try every possible character in every possible combination, and C) a "dictionary attack" which is essentially a brute force using dictionary words rather than single characters. The first is foiled by being smart and the last by simply not using common words. The toughest to deal with is a true brute force attack but luckily it doesn't take much entropy to go beyond the abilities of modern computers.

So just make up a long string of gibberish. Hell, it could even be a repeating character. Just don't tell us what it is.

LCB said...


Is 5 words enough??? LOL

Anonymous said...

What's not to like??? Ummmmm how bout Norton for starters....learned the hard way back in time....Soapweed

Anonymous said...

As stated in other comments, length is more important than something complex.

But do keep in mind what you are trying to protect. Adjust your password accordingly.