Ouch. In the past two days, the passwords for most accounts on LinkedIn, eHarmony and Last.fm were leaked. True, we're talking about hashed passwords, but these sites were using horribly fast hashing functions (SHA-1 and MD5) with no salting. Put in less technical terms: if you used the password from any of those accounts anywhere else, change it now.
The trick isn't necessarily to use a too-difficult-to-remember password; a password with a few symbols that is "unique enough" is sufficient. The trick is isolation: you must use a different password for each web site. You could use some kind of mnemonic to tweak a password for each site, but finding a good system that works can be difficult.
The bookmarklet provided by SuperGenPass is a good system, since it's code that runs in your browser and generates a password based on the web site's address and your secret password. Though this also has limits, especially for web sites that tend to use different addresses (Microsoft's Live tends to do that), or for passwords you want to keep for things other than web sites.
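An added example of the idea behind a site-specific password generator, including the "different addresses" problem just mentioned. This is not SuperGenPass's own algorithm (which is not reproduced here); it uses HMAC-SHA256 keyed with the master secret, and the two-label domain reduction is a simplifying assumption (real public-suffix handling, e.g. `co.uk`, needs the Public Suffix List).

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit


def hostname(url: str) -> str:
    """Extract the host from a URL, tolerating a bare 'example.com' with no scheme."""
    if "://" not in url:
        url = "https://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def registered_domain(url: str) -> str:
    """Reduce the host to its last two labels, so login.live.com and
    account.live.com both map to live.com. Assumption: a two-label suffix."""
    labels = hostname(url).split(".")
    return ".".join(labels[-2:])


def site_password(master: str, url: str, length: int = 16,
                  canonicalize: bool = True) -> str:
    """Derive a per-site password from the master secret and the site key.
    HMAC with the master as key means the derived value leaks nothing about
    the master, and different sites get unrelated outputs.
    canonicalize=False shows the failure mode: each subdomain gets its own password."""
    site_key = registered_domain(url) if canonicalize else hostname(url)
    digest = hmac.new(master.encode(), site_key.encode(), hashlib.sha256).digest()
    # base64 keeps letters, digits and the symbols '+' and '/'.
    return base64.b64encode(digest).decode()[:length]


if __name__ == "__main__":
    # Constructed master secret for demonstration only.
    master = "correct horse battery staple"
    for url in ("https://login.live.com/login.srf", "https://account.live.com/"):
        print(url, "->", site_password(master, url),
              "(uncanonicalized:", site_password(master, url, canonicalize=False) + ")")
```

With `canonicalize=True` both Live addresses yield the same password; with it off, each subdomain gets a different one, which is exactly the surprise the post describes.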
That's where password managers like KeePassX and LastPass come in. They're essentially a password database encrypted by a single, main password. That way, you can generate one new password for each web site (the best passwords are those you don't remember, at least not directly). KeePassX is "offline", in the sense that you'll have to make copies of the database yourself across computers or keep it on a USB key. LastPass, which I use, stores its database on LastPass' servers (completely encrypted, of course), and synchronizes it across browsers and even cellphones automatically. Both are free, though LastPass has a paid subscription for its cellphone software and advanced features like two-factor authentication. Either one is an excellent solution I would recommend.
Published on June 7, 2012 at 21:36 EDT