When you force people to use hard-to-remember passwords, you’re actually forcing them to use bad passwords.
A billion people have written about this before, but I like my approach, so I’m sharing it in case someone else finds it useful. Most of my passwords go into a password manager; those are long and random and generated by the password manager and I don’t care whether they’re easy to type or memorable… Read More »
As I wrote earlier today, I just changed my password on over 300 Web sites. In the process, I encountered a large number of sites which simply don’t know how to do password security properly. Some of these sites are operated by major corporations which are entrusted by their users with confidential and sensitive personal… Read More »
“Hi, my name is jik, and I’m a password reuser.” “Hi, jik!” If there isn’t a “Password Reusers Anonymous”, there probably should be. By “password reuse,” I mean using the same password over and over on multiple Web sites. It’s a really bad idea, and I should know that better than most, since I’ve worked… Read More »