For Internet users, the week of April 6 was undoubtedly one of the most annoying and harrowing in recent history. OpenSSL's Heartbleed bug was simultaneously patched and publicized on April 7, and over the next few days, we learned that our login credentials for a great many websites had potentially been compromised. Google, Yahoo, Facebook, Dropbox, and numerous others were all affected. What followed was a mass password resetting effort the likes of which the web has probably never seen.
For me, the Heartbleed fiasco instigated a change of approach. Until those dark April days, I'd been using a mish-mash of alphanumeric passwords and passphrases, all stored safely in my noggin. I wasn't nearly as diligent as I ought to have been about freshening them up, but that never got me into trouble. I made sure to use long, difficult-to-crack passwords with double-digit character counts, and I tried not to use the same ones for different services.
That all fell apart when I was faced with the daunting task of conjuring up—and then memorizing—a cornucopia of new passwords for a large and growing list of services. My friends and colleagues suggested password-management software, and I could think of no better alternative.
So, over a period of a few hours on the evening of April 10, I tried and subsequently discarded several of the most popular password-management tools available—until, like Prince Charming with the glass slipper, I came upon The One.
Dashlane's browser extension can be a little overbearing, and I found it to make mistakes on occasion. A couple of times, it offered to generate a new password... and then promptly saved the old one, leading to a few minutes wasted waiting for "I forgot my password!" e-mails. There's an easy workaround, though: manually generate a password via the extension's menu, and keep that password in the clipboard until you're sure the right credentials had been saved. Easy enough.
That little kink aside, I really can't complain. For a guy or gal with limited time and a lot of passwords to change, Dashlane does a pretty great job. It even saves payment information and addresses for online shopping, although I haven't set that up yet. Maybe I never will. I like the idea of not keeping all my eggs in one basket.
So anyway, that was my experience as a wide-eyed and quivering newcomer to the password management scene. I feel a heck of a lot better now, with a bunch of gibberish passwords that I can change at the drop of a hat, all without aggravation or memorization coming into the picture. I can access those passwords from any one of my computers (or my phone), and even if someone cracks my master password, two-factor authentication will leap to the rescue with its ever-changing six-number codes. I've never been safer.
Unfortunately, none of that really helps the average user. It doesn't help mom or pop or grandma, or that struggling small business owner you see in political ads.
My biggest takeaway from this experience is that passwords suck. They didn't suck so much back in the prehistoric days of the 1990s, when you only needed a handful of them. But today, with every little site on the web requiring its own login credentials, there's just no way for John K. Average-Smith to make sense of it. I imagine old Johnny has been using "fido777" as his only password for the past half-decade, and someone in Iran is using his credit card details to buy enriched uranium as we speak.
We need something better. I think some manner of biometric authentication is probably the way to go. A lot of laptops—and now phones—have fingerprint sensors built in. If those become more widespread, and their security can be guaranteed, then I wouldn't mind having to swipe my finger to log into Facebook or Gmail. It'd certainly beat fido777... or coughing up $29.99 a year for Dashlane.
|Dell acquires EMC for $67 billion||43|
|Toshiba's dynaPad follows in the Surface's pen strokes||0|
|Latest Win10 insider build activates with older Windows product keys||30|
|Acer's Aspire Z3-700 all-in-one PC can pack up and go||14|
|ITC says Samsung and Qualcomm didn't infringe some Nvidia patents||14|
|MSI GS40 Phantom squeezes GTX 970M power into a 14" chassis||14|
|ROG Maximus VIII Impact is a mighty mouse of a motherboard||41|
|Asus PG27AQ and PG279Q G-Sync displays join the Republic of Gamers||37|
|Archos' GranitePhone is a new spin on the secure Android device||19|
|From last time, we see the same basic idea that they still have to prove: How to turn single-threaded tasks in a "native" architecture into paralleliz...||+25|