Comments on: Dealing with password fatigue

By: Mike Sweeney

Mike Sweeney — Mon, 31 Aug 2009 21:23:34 +0000

On a daily basis we see people working harder than they have to in order to cover password complexity. The suggestions listed above would make it easier to remember the passwords as well as to generate new ones. Just because there is a minimum password length, that does not mean that your password has to be that. Often times passwords are BETWEEN 8 and 12 characters, not 8 characters no more, no less.

By: Brian Wahoff

Brian Wahoff — Fri, 28 Aug 2009 17:01:02 +0000

Those are both good points. In practice, I’ve found sites that disallow the space character in passwords. I think this is primarily caused by sloppy password validation mechanisms that ignore whitespace. Thankfully, these sites seem to be few and far between.

The latest version of KeePass for Windows has a few very cool protection mechanisms. In addition to password (or passphrase) authentication it can also require a keyfile to be available. This forms a pseudo two factor authentication. I’ve heard of people using a favorite mp3 or movie as their keyfile.

It can also use the windows account guid as a seed for the file encryption, so that file is only available to a given windows account.

By: Chuck Rock

Chuck Rock — Fri, 28 Aug 2009 16:52:07 +0000

I would also consider a few other things regarding passwords. If you’re a bad guy trying to figure one out, a space in the password can make it almost impossible to guess or crack. Using a space for some reason also makes the typical “random” password much easier to remember. Something like SD0I12d would require some training, but “SD0 I12d” becomes easy to say, remember and hard to crack.

I agree with the password manager program, but you should guard that file as if your life depends on it. If someone is able to get it and open it, all the passwords in your life are available to them.