Last few days everyone is writing about passwords. How the most popular password last year was '123456', how it's all bad and that we all are idiots.
Let me tell you something - that's bullshit.
There are 2 types of resources: few important ones (my internet bank, company login, some RE forums, my blog, etc.) and the ones I don't really care about (2shared, codeproject and everyone else with mandatory registration).
For the important resources I have strong passwords. Unique ones with 8+ characters, mixed case letters, numbers and special symbols. You know the drill.
For everything else I'm using a throwaway email like Mailinator and password '123456'. Why? Because I don't give a crap. You want to crack my Codeproject login to download few files? Please do so. Hijack my Kickass Torrent account and post childish comment or two? Please. Use my account to download something from 2shared? Yeah, why not! I don't care! 🙂
So, next time someone runs around screaming about use of insecure passwords, ask yourself - where does this password list come from and who is this person making these statements? Maybe he just wants to sell you something?
Use a password manager such as {software_name} to organize and protect passwords, generate random passwords, and automatically log into websites
Right, let's make more FUD in effort to sell your software. Genius!
Stay cool, stay safe!
Totally agreed; I use the same tactics; unique strong and long passwords for the few sites that matter and throw away passwords for throwaway resources 🙂 And
Single-SignOn (also commonly promoted as a 'solution' for password-management) solutions are even worse; since hacking 1 system will give you access to all systems (accessible by the hacked account) AND you don't even need to get the password itself, just it's security token and have the SSO solution do all the work for you.... AND then there still is NTLM 🙂