Ah, the P'word, that pesky memory test. As this blogger ages like cheap wine, his mental acuity is dwindling day-by-day. The constant reminder is the error message that accompanies a p'word entry to gain access to this or that web site. Of course, a request to reset the p'word presents more memory-hurdles: the security questions that no one else could answer. If this is a (fair & balanced) perennial Catch-22, so be it.
[x Slate]
Two Stupid Password Tricks
By Doug Harris
This isn’t a post telling you that you should use a different password for every site, that you should use multifactor authentication for your email, or that you should use a password manager to store strong passwords. You should do those. (And you should eat less dessert, exercise more, and call your mother. [See Above.])
This is a post to share two stupid password tricks that will make your online life a little more secure without the (perceived) hassle of those other measures.
The first stupid password trick is a way to improve the “security questions” that sites have you set up in case you need to recover your password. What’s your mother’s maiden name? What street did you grow up on? Who was your first-grade teacher?
The idea is that only you will know the answer to these questions. By answering them correctly, the site verifies that you are you and lets you reset your password.
Ask Sarah Palin how that worked out for her. The flaw is that you aren’t the only person who knows the answer to these questions. It’s not just the public figures who are vulnerable. We’re all Googleable, and those #TBT posts on Facebook and Twitter could give away a lot about your early years. Someone who’s determined to get access to your email can do a little research and unlock your account.
My trick? Lie and keep telling the same lie.
Don’t give correct answers. Use the same stupid answer for all of your security questions. (If you’re worried you’ll forget the stupid answer, store it in a password manager.)
Stupid password trick No. 2 was inspired by a friend’s tweet:
My first reaction to this was, “Why aren’t you using a password manager?” But the more I thought about this, the more I think this password dance is really a simple method of implementing something like one-time passwords. Why use a memorable password at all?
Choose something really random, don’t worry about saving it or remembering it, and force the site to re-authenticate you through email!
You get security without the need to add random sites to a password vault and don’t need to install LastPass or anything new.
A few caveats:
These password tricks are stupid. They’re the equivalent of justifying the calories of the ice cream sundae by parking on the far side of the parking lot. It’s better than not, but you can do more.
You should exercise more, call your mother, and take stronger measures to secure your online existence. Ω
[Doug Harris is Slate's Chief Software Architect. He received a BA (cognitive science) from Vassar College.]
Copyright © 2014 The Slate Group
This work is licensed under a Creative Commons Attribution 4.0 International License.
Copyright © 2014 Sapper's (Fair & Balanced) Rants & Raves