Home > cultural, management, software > Password Strength

Password Strength

November 10th, 2011 Leave a comment Go to comments

I personally use 1password to generate, manage and backup my passwords. This lead to a controversial discussion today, because some people felt uncomfortable with the idea to upload all your passwords (albeit encrypted) to the cloud. Some interesting articles:

Good Bye Passwords (in German):
http://blog.koehntopp.de/archives/3085-Sag-zum-Passwort-leise-Tschuess….html

Awesome article about password strenght and password management:
http://www.troyhunt.com/2011/03/only-secure-password-is-one-you-cant.html

Password entropy calculator:
http://rumkin.com/tools/password/passchk.php

Most of my passwords are 50 characters long and thus not easily guessable (> 256bit entropy using the calculator above). How do you handle your passwords?

  1. jens
    November 11th, 2011 at 02:45 | #1

    I have only 5+ main pw and some mutations of them (all > 8 chararcter), maybe 12-15 altogether and they are all stored in my brain. Ok sometimes it feels like a cloud but I won’t upload them to any of these services.

  2. November 15th, 2011 at 10:47 | #2

    I also don’t like the idea of cloud-storage at all. It is great for sharing data, but not if it is stored somewhere out of my control. Most data stored there might become sensitive at some time, pictures will might get a problem in month or years but passwords are sensitive in the moment they are stored.

    Most of my low security password are easily to remember for myself so I don’t need technical assisitance (i commonly use my systems hardware configuration like cpu + cpuspeed + memory or something like that). For more sensitive or seldom used passwords I use Keepaas which is available for all Platform I need it. The file is stored on my own server and is synced between machines using Teamdrive at the moment, but I am willing to switch to Sparkleshare using my self hosted git repository.

  3. December 14th, 2011 at 06:58 | #3

    I’m using Simplevault, on a webserver of my own, via https & password protected. So, instead of sending it to “the cloud” I have my own little password “cloud” (well, a “raindrop” really, “simplevault” is really small).

  1. No trackbacks yet.