Why your password can’t have symbols—or be longer than 16 characters | Ars Technica
Why your password can’t have symbols—or be longer than 16 characters | Ars Technica: “The password creation process on different websites can be a bit like visiting foreign countries with unfamiliar social customs.”
(Via @lars on App.net)
When I was young, I remembered everything. Now I am old, and I remember nothing. And I’ve surrendered to password madness. I’ve stored all my passwords in safe since 2007, with my encrypted data file in Dropbox, so I can access it from any machine that runs Ruby. This way, I have to remember only one password, which is long and complex and just onerous enough to type that I feel safe without feeling overburdened.
Unfortunately, neither my iPhone nor my iPad can run safe, so I bought 1Password and supplement my safe usage with that. I even use the same onerous password for 1Password that I use for safe, but for some inexplicable reason I used a different password on my iPhone that I no longer remember, so it’s useless to me. I should delete everything and reload, but I’m ashamed to admit I did that once before.
For the website I work on for my employment, we have several different environments with different user IDs and passwords that expire more rapidly than I can type, so I just reset them every time I log in and mash the keyboard like a Whack-A-Mole for my new passwords that I’ll never remember.
Our new lunchroom food system got smart, though–the automated checkout system eschews passwords for thumb scans. No passwords stand between me and Coke Zero!
I’ve seen similar restrictions but still consider the security sufficient if
a) you have some random login number that you write down
b) your account gets blocked after 3 tries.
If the login number was your account number it could be used for denial of service, so I prefer a random number.
Of course someone could still steal your hashed password from the bank and brute-force it, which is easier for a simple password.
But then this is not much easier than installing a trojan, staging a man-in-the-middle attack or sniffing your password by other means.