Results 1 to 8 of 8
  1. #1
    Star Lounger
    Join Date
    Dec 2009
    Location
    Toronto
    Posts
    81
    Thanks
    6
    Thanked 2 Times in 2 Posts

    Is it wise to use complicated, auto-generated passwords?

    I use LastPass and almost all the time I am very happy with it. However, I don't allow it to generate complicated passwords for me, for this reason: Once in a while I visit a website that I've been to before, and LastPass does not fill in my password for me. I haven't been able to figure out why. Maybe the webpage has been redesigned, maybe now there's a popup sign-in window--I'm not sure if there's a single consistent reason for the problem appearing. Whatever the reason, I would be in trouble if the password had been one of those impossible-to-remember strings generated by a computer, so I continue using my old system, repeating the same password for all my accounts that aren't terribly important. I know it's a bad practice from a strictly security standpoint, but it helps deal with the occasional circumstance when my password manager fails me. Is my assessment of the problem off the mark? (Hmm, maybe I should go to my LastPass "vault" online, and dig up the password there.) I haven't heard this problem mentioned before.

  2. Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!

    Excel 2013: The Missing Manual

    + Get this BONUS — free!

    Get the most of Excel! Learn about new features, basics of creating a new spreadsheet and using the infamous Ribbon in the first chapter of Excel 2013: The Missing Manual - Subscribe and download Chapter 1 for free!

  3. #2
    Gold Lounger Roderunner's Avatar
    Join Date
    Dec 2009
    Location
    Scotland.
    Posts
    3,426
    Thanks
    16
    Thanked 212 Times in 180 Posts
    Hi David,
    I use long complicated pw's for certain things i.e. my wireless wpa2, others I create myself and can even remember some of them. All are stored separately as a txt file then zipped with a password. I personally don't use password managers.
    George's PC Specs. / Laptop. Desktop.

  4. #3
    mart44
    Guest
    I often use LastPass generated passwords and then change a random letter or number or two just to be sure it hasn't been logged anywhere. Providing LastPass has offered to save the login details and done so, then there should be no trouble with it logging into the site with the generated password on future logins. However, as you say, sometimes there is and there's no chance of you remembering the generated password used.

    As a safety measure, I copy/paste the generated password and chosen username for the site into a text file on the Desktop. Then, if LastPass doesn't offer the login details, they can be copied/pasted into the login fields and the login button clicked. LastPass should re-ask you if you want to save the login details. Answer 'Yes' and all ought to be OK from then on. This has worked for me on most occasions.

    If you haven't copied/pasted the login details into a text file, you can always get them from the LasPass Vault and save them to a text file. Then try the above procedure.

    As an aside, I read an interesting article about password 'padding'. This basically says that a password such as 'Do9ysffgY8W0sM04' isn't necessarily as secure as this (<--Apass|w0rd-->), which might be easier to remember. The non word and number bits are the padding. More here under the heading 'Password Padding' (scroll down the page a bit):

    http://www.anotherwindowsblog.com/20...passwords.html

  5. The Following User Says Thank You to mart44 For This Useful Post:

    DavidToronto (2012-02-09)

  6. #4
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,625
    Thanks
    161
    Thanked 930 Times in 851 Posts
    For those sites that do not automatically fill the password try this:

    Click on LastPass drop down arrow. Near the bottom you will find the site you are presently on. Highlight it and another drop down box will open with alternatives. Choose Autofill. Voila, it gets filled.

    LastPassAutofill.jpg

    Using this method even the auto generated complex passwords can be used easily. For any site that contains any type of confidential info YES it is a good idea to use complex, hard to guess passwords.
    Last edited by Medico; 2011-09-08 at 20:42.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  7. The Following User Says Thank You to Medico For This Useful Post:

    DavidToronto (2012-02-09)

  8. #5
    mart44
    Guest
    I came across this idea for creating and remembering passwords a while ago:

    http://www.passwordcard.org/en

  9. #6
    Platinum Lounger
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    3,614
    Thanks
    7
    Thanked 231 Times in 219 Posts
    As I use KeePass I can always retrieve the saved password manually, then I can decide how to apply it to the web site / program. This means I can always use generated passwords.

    The only problem with generated passwords is that not every site / program tells you what it accepts as a password. I have often used 20 character passwords, only to find out the developer only allows 8 or 10 characters from a very limited set. Pity they don't teach basic security to developers.

    cheers, Paul

  10. #7
    3 Star Lounger
    Join Date
    Jan 2001
    Location
    Marietta, Georgia, USA
    Posts
    235
    Thanks
    4
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by mart44 View Post
    I came across this idea for creating and remembering passwords a while ago:

    http://www.passwordcard.org/en
    This has been mentioned before. I am a LastPass user.
    Rick Groszkiewicz
    Life is too short to drink bad wine (or bad coffee!)

  11. #8
    mart44
    Guest
    Thanks for that rgrosz. I notice a counter point of view on its security a bit further down the thread (post 38). It would be interesting to see it put to the test.
    Last edited by mart44; 2011-09-12 at 00:26.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •