Choosing Secure Passwords

// January 13th, 2007 // Security & Privacy

Bruce Schneier has written an excellent essay on choosing secure passwords. This isn’t an anecdotal finger-shaking exercise; it’s specific technical advice on what composes a secure password and how to create one.

As he points out, the best password in the world won’t stop an attacker from exploiting the inherent security weakness of the underlying operating system, but hey, at least you did your part, right?
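To make “what composes a secure password” concrete, here is an added example (not code from this post or from Schneier’s essay) that generates passwords and passphrases from a cryptographic random source and reports how many bits of entropy each scheme gives and how long exhaustive guessing would take at an assumed guess rate. The word list and the guess rates are constructed placeholders; a real passphrase list has thousands of words, and real attacker throughput depends on the hash the target system uses.

```python
import math
import secrets
import string

# Constructed, illustrative word list: 16 words -> 4 bits per word.
# A real passphrase list (e.g. Diceware) has thousands of entries.
SAMPLE_WORDS = [
    "anchor", "basket", "candle", "dragon", "ember", "falcon", "garden",
    "harbor", "island", "jacket", "kettle", "lantern", "meadow", "needle",
    "orchid", "pepper",
]

# Character classes a generator can draw from (size 26, 36, 62 and 94).
ALPHABETS = {
    "lowercase": string.ascii_lowercase,
    "lower+digits": string.ascii_lowercase + string.digits,
    "alphanumeric": string.ascii_letters + string.digits,
    "printable": string.ascii_letters + string.digits + string.punctuation,
}

SECONDS_PER_YEAR = 365.25 * 86400


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a string drawn uniformly at random: length * log2(alphabet_size).

    This only holds for *random* choices; a human-chosen password from the same
    character set has far less entropy because attackers guess likely words first.
    """
    if alphabet_size < 2 or length < 1:
        raise ValueError("need at least two symbols and a length of one")
    return length * math.log2(alphabet_size)


def expected_guesses(bits: float) -> float:
    """On average an attacker finds the secret after trying half the keyspace."""
    return 2.0 ** (bits - 1)


def years_to_crack(bits: float, guesses_per_second: float) -> float:
    """Expected years of exhaustive guessing at a constant guess rate."""
    return expected_guesses(bits) / guesses_per_second / SECONDS_PER_YEAR


def random_password(length: int = 16, alphabet: str = ALPHABETS["printable"]) -> str:
    """Password from the OS CSPRNG (secrets), never from random.random()."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(words=SAMPLE_WORDS, count: int = 6, sep: str = "-") -> str:
    """Passphrase of `count` words chosen uniformly from `words`."""
    return sep.join(secrets.choice(words) for _ in range(count))


def scheme_report(guesses_per_second: float = 1e10) -> dict:
    """Entropy and expected crack time for several generation schemes.

    The guess rate is an assumption (roughly a fast offline attack on an
    unsalted fast hash); use the real hash's cost for a real estimate.
    """
    report = {}
    for name, alphabet in ALPHABETS.items():
        for length in (8, 12, 16):
            bits = entropy_bits(len(alphabet), length)
            report[f"{name}/{length}"] = (
                round(bits, 1),
                years_to_crack(bits, guesses_per_second),
            )
    for count in (4, 6, 8):
        bits = entropy_bits(len(SAMPLE_WORDS), count)
        report[f"words{len(SAMPLE_WORDS)}/{count}"] = (
            round(bits, 1),
            years_to_crack(bits, guesses_per_second),
        )
    return report


if __name__ == "__main__":
    print("password  :", random_password())
    print("passphrase:", random_passphrase())
    for scheme, (bits, years) in scheme_report().items():
        print(f"{scheme:22} {bits:6.1f} bits  ~{years:.3g} years at 1e10 guesses/s")
```

The point the numbers make is the one the essay makes: length and a truly random choice matter far more than sprinkling punctuation into a word, and a six-word passphrase from a large list beats a short “complex” password both in entropy and in memorability.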

What I’d like to see is another article on a viable system to actually record/encrypt/remember the hundreds of passwords many people have to remember. I use a PGP-encrypted text file. The weakness there is I have to have a copy of my password file, PGPFreeware, and my private PGP key installed on whatever PC I need to retrieve my password from. So this works great for systems I access regularly and control access to. Not so great when I’m offsite somewhere or working with third-party systems. It’s also highly technical and labor-intensive for the average person, so this method would never be widely adopted.

Of course there are lots of software solutions. But I’d like to see someone do an exhaustive report on the methods and software solutions of saving passwords and what’s both reasonable and works best for the non-techie population.
