Andre Robatino:
> If you use a password manager, you can use a different strong random
> password for each site, and copy and paste it. Fifty characters is
> just as easy as 8, and means you don't have to worry about changing
> the password again (unless a website like Socialsecurity.gov forces
> you to, and they should eventually stop doing that).

That's all very well as long as you only use one device. When you have several computers, devices, using other people's equipment, etc., password managers soon become their own pain. So people use an on-line password manager, and create a single point of failure for multiple accounts.

Tim:
>> Really, what ought to get tightened up is the software accepting logons.
>> There should be a limited number of attempts (3 goes and you're out for a
>> significant time limit). Any system that lets a cracker hammer away
>> with repeated attempts is the thing that is broken.

> That works as long as the website isn't hacked.

A different problem. Though perhaps related, it depends on how the site was hacked. If they let someone peck away at it, it's down to the same problem.

Sites really need to stop storing your passwords, then need to keep something that can only be used to confirm correct authentication, and not be reverse engineerable to discover the password.
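
The two server-side measures discussed in this message (a limit of three attempts followed by a lockout, and storing only a value that can confirm a password without revealing it), as an added example that is not part of the original thread. The `Authenticator` class, the 15-minute lockout and the PBKDF2 work factor are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

MAX_ATTEMPTS = 3         # "3 goes and you're out"
LOCKOUT_SECONDS = 900    # assumed; the message only says "significant"
ITERATIONS = 200_000     # assumed PBKDF2 work factor; tune to your hardware


class Authenticator:
    """Hypothetical login backend: keeps salt + verifier, never the password."""

    def __init__(self, clock=time.monotonic):
        self._users = {}     # name -> (salt, verifier)
        self._failures = {}  # name -> (failed_count, locked_until)
        self._clock = clock

    @staticmethod
    def _derive(password, salt):
        # Slow, salted one-way function: a stolen table cannot simply be
        # read back as passwords, and each guess costs ITERATIONS hashes.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

    def register(self, name, password):
        salt = os.urandom(16)  # unique per user
        self._users[name] = (salt, self._derive(password, salt))

    def login(self, name, password):
        """Return 'ok', 'denied' or 'locked'."""
        count, locked_until = self._failures.get(name, (0, 0.0))
        now = self._clock()
        if now < locked_until:
            return "locked"    # refused without even checking the password
        if count >= MAX_ATTEMPTS:
            count = 0          # lockout expired, start a fresh window
        # Unknown names still pay for a derivation, so response time does
        # not reveal which accounts exist.
        salt, verifier = self._users.get(name, (b"\0" * 16, b"\0" * 32))
        match = hmac.compare_digest(self._derive(password, salt), verifier)
        if match and name in self._users:
            self._failures.pop(name, None)
            return "ok"
        count += 1
        locked_until = now + LOCKOUT_SECONDS if count >= MAX_ATTEMPTS else 0.0
        self._failures[name] = (count, locked_until)
        return "denied"
```

Per-account lockout lets anyone lock a known username out, so deployments usually pair it with throttling per source address.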