Cartoon makes better password point than many security experts

Sick of passwords you can't remember? Not sure you trust password managers? A cartoon has some good advice for you.
Written by Steven Vaughan-Nichols, Senior Contributing Editor

I've been using cryptic passwords since I cut my computing teeth on an IBM 370. I never liked using passwords like xkcd1234EMC2 though. They may have been more "secure," but they were hellish to remember. I still use them today, but the brilliant Internet cartoon xkcd by Randall Munroe has just shown me that I, and many security experts, have been idiots for years. Read the cartoon below and you'll see what I mean.

Password Strength cartoom by Randall Munroe

Password Strength cartoon by Randall Munroe


Munroe's perfectly correct. If you use a random nonsense phrase for a 'password' you will be able to recall it without fear and trembling and you will be safer from casual crackers. Of course, if you write your password phrases down on sticky notes on your monitor, you're still beyond help. But, hey so long as you avoid phrases such as "This is my password." you should be fine.

Of course, even with this method, you still have the problem of having dozens of Web sites that require passwords. You could use a single password phrase for all of them, but considering how quickly sites are being cracked for their passwords these days, having one password or pass phrase for all your sites is just asking to be cracked.

No, while using a pass phrase makes excellent sense-and I feel like an idiot for never realizing it on my own-you're probably still going to need a password manager.

If you feel better keeping your password safe and sound on your own PCs, I recommend RoboForm or IronKey Personal, If you want a password manager as part of a security suite, I recommend Norton Internet Security 2011 or Kaspersky Password Manager.

If you don't mind having your passwords out on the Web, I like LastPass. I can, and do, use this program on any and all platforms. And, since I use pretty much every operating system and platform out there, that's a good thing.

As you may recall, LastPass had some trouble recently, but the problem wasn't with them losing passwords, it was with them being too paranoid about a possible attack. The end-result was that the LastPass service was knocked off the Web for a short time.

For what it's worth, I trust LastPass. In the end, though, which password manager you trust is a call only you can make. All I know now is that you'll be a lot smarter if you use a four word password phrase than a dozen letters of gibberish for your password. Thanks Munroe.

Related Stories:

Death of the Password? Markus Jakobsson and Jason Perlow discuss with the CBC

AntiSec posts passwords from Apple survey server

Sony hacked again, another 1m passwords exposed

Opera beefs up password security

We interview LastPass CEO: the human price and the real truth

Editorial standards