Password Managers (General)
MPG strongly recommends use of a password manager as both more convenient and far more secure than the de-facto practices used by most:
- Weak passwords (bad!): easy to guess/compromise, but also easy to remember and enter, which accounts for the popularity of passwords such as a dog’s name (“lassie”), a birthday (“june29”), “12345” or a favorite movie (“BladeRunner”). See Toward Better Master Passwords.
- Password re-use: using a password for more than one web site. This is a very real danger, yet many users do so. It is particularly risky given that many web sites continue to store plaintext (unencrypted/unhashed) passwords in web-accessible areas, a negligent practice.
- Mobile devices: mobile devices strongly encourage weak passwords by making it tedious to use mixed-case letters and symbols.
Many risks abound in accessing web sites; here is a simplified sampler:
- Low quality passwords that can be discovered via dictionary or brute force attacks, especially if there are no protections against rapid and repeated login attempts.
- Negligent web sites that store passwords in the “clear” (rather than one-way hashes).
- Compromise of a password used for multiple purposes exposes a user to risks everywhere the password is used.
- Insecure WiFi nodes or similar, where hackers can pretend to be the real web site, capturing passwords without being noticed.
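The difference between storing passwords in the “clear” and storing one-way hashes, as an added example that is not from the original article. It uses only Python's standard library; the user names, iteration count and salt size are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed parameters for this illustration (not from the article).
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str) -> dict:
    """Return a storable record: random per-user salt plus a slow one-way hash."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return {"salt": salt.hex(), "iterations": PBKDF2_ITERATIONS, "hash": digest.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        password.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def leaked_view(store: dict) -> set:
    """Distinct stored values that anyone holding a copy of the store can read."""
    return {v if isinstance(v, str) else v["hash"] for v in store.values()}


# Constructed sample: two users on one site who happen to share a password.
SAMPLE = {"alice": "BladeRunner", "bob": "BladeRunner"}

plaintext_store = dict(SAMPLE)                                   # stored in the clear
hashed_store = {u: hash_password(p) for u, p in SAMPLE.items()}  # salted one-way hashes

if __name__ == "__main__":
    print("plaintext store exposes:", leaked_view(plaintext_store))
    print("hashed store exposes   :", leaked_view(hashed_store))
    print("login still works      :", verify_password("BladeRunner", hashed_store["alice"]))
```

A salted, slow hash only raises the cost of each guess; a password that sits in a dictionary is still found quickly, so strong and unique passwords remain necessary.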
Passwords are a real headache for most of us: good passwords are tedious to type and hard to enter without errors, and good ones are hard to remember. Moreover, the job is even more tedious with mobile devices like iPhone, where mixed-case requires extra steps to toggle between upper/lower case and punctuation/numbers—a strong incentive to use a low-quality (awful) password consisting of lower-case letters or similar.
Your author worked as a software engineer in security for a time—PGP, having implemented an encrypting driver for Mac OS, and managed a team of engineers there.
Password managers lock up passwords with one “master” password. Some have been awkward to use, and some have had their own security flaws, and as a result your author had been reluctant to use a password manager.
But after some use and study of Agile Bits 1Password, MPG uses 1Password, and now strongly recommends 1Password to readers (other competing programs have not been evaluated and MPG makes no pro or con statement on them).