How long can a Google Account password be?

Started by bill, April 08, 2011, 04:13:49 AM

Previous topic - Next topic

bill

Quote from: JasonD on April 14, 2011, 06:06:38 PMI'd rather have a few passwords - All "secure enough" with a couple of mega secure passwords - and use them appropriately depending on the place I log into. I know this all in my head so Last Pass, RoboForm etc isn't the weak link.
It's not just the security of the passwords themselves, you don't want to use the same passwords across sites. You never know when one of these places is going to be compromised. The recent Gawker site hack got one of my passwords, but it was unique to that site and couldn't be used elsewhere even if they could have figured it out.

bill

Perhaps I am a bit too trusting of some security people I know who have vetted LastPass. Everything appears to be encrypted locally before being sent off "home". I'm convinced that they couldn't do anything with the information that gets sent, otherwise I wouldn't consider having a weak link like this in the chain. The strong password I have on that account, plus the second factor authentication required to get at my account gives me some sense of security. You can choose from a random code matrix that you carry in your wallet, a USB key or a YubiKey. Someone could get my password, but not my account unless they had my key as well. If they've got me and my key then I have bigger problems to worry about.

That's my abbreviated calculation of using this particular app. But I agree that nothing is safer than your own noggin. Mine just isn't big enough to carry all of the passwords I want in the format I want. The best password is the one you can't remember in my book.

Like the Gawker example I mentioned before, it's just a matter of time before one of the sites with one of your "secure" passwords screws up. Then somebody has access to all of the sites where you used that particular login. I certainly understand it's a tradeoff.




ukgimp

I would not use programs like roboform. Don't trust them. Especially since my fear is that they might send all my passwords to someone, or could.

dogboy

Strong protection for weak passwords

The passwords of the future could become more secure and, at the same time, simpler to use. Researchers at the Max Planck Institute for the Physics of Complex Systems in Dresden have been inspired by the physics of critical phenomena in their attempts to significantly improve password protection. The researchers split a password into two sections. With the first, easy to memorize section they encrypt a Captcha – an image that computer programs per se have difficulty in deciphering. The researchers also make it more difficult for computers, whose task it is to automatically crack passwords, to read the passwords without authorization. They use images of a simulated physical system, which they additionally make unrecognizable with a chaotic process. These p-Captchas enable the Dresden physicists to achieve a high level of password protection, even though the user need only remember a weak password.

more:
http://www.eurekalert.org/pub_releases/2011-04/m-spf042011.php


eurotrash

Shouldn't that be the HTML5 <cough></cough> to work on an iPhone.