For Internet users, the week of April 6 was undoubtedly one of the most annoying and harrowing in recent history. OpenSSL's Heartbleed bug was simultaneously patched and publicized on April 7, and over the next few days, we learned that our login credentials for a great many websites had potentially been compromised. Google, Yahoo, Facebook, Dropbox, and numerous others were all affected. What followed was a mass password resetting effort the likes of which the web has probably never seen.
For me, the Heartbleed fiasco instigated a change of approach. Until those dark April days, I'd been using a mish-mash of alphanumeric passwords and passphrases, all stored safely in my noggin. I wasn't nearly as diligent as I ought to have been about freshening them up, but that never got me into trouble. I made sure to use long, difficult-to-crack passwords with double-digit character counts, and I tried not to use the same ones for different services.
That all fell apart when I was faced with the daunting task of conjuring up—and then memorizing—a cornucopia of new passwords for a large and growing list of services. My friends and colleagues suggested password-management software, and I could think of no better alternative.
So, over a period of a few hours on the evening of April 10, I tried and subsequently discarded several of the most popular password-management tools available—until, like Prince Charming with the glass slipper, I came upon The One.
Dashlane's browser extension can be a little overbearing, and I found it to make mistakes on occasion. A couple of times, it offered to generate a new password... and then promptly saved the old one, leading to a few minutes wasted waiting for "I forgot my password!" e-mails. There's an easy workaround, though: manually generate a password via the extension's menu, and keep that password in the clipboard until you're sure the right credentials had been saved. Easy enough.
That little kink aside, I really can't complain. For a guy or gal with limited time and a lot of passwords to change, Dashlane does a pretty great job. It even saves payment information and addresses for online shopping, although I haven't set that up yet. Maybe I never will. I like the idea of not keeping all my eggs in one basket.
So anyway, that was my experience as a wide-eyed and quivering newcomer to the password management scene. I feel a heck of a lot better now, with a bunch of gibberish passwords that I can change at the drop of a hat, all without aggravation or memorization coming into the picture. I can access those passwords from any one of my computers (or my phone), and even if someone cracks my master password, two-factor authentication will leap to the rescue with its ever-changing six-number codes. I've never been safer.
Unfortunately, none of that really helps the average user. It doesn't help mom or pop or grandma, or that struggling small business owner you see in political ads.
My biggest takeaway from this experience is that passwords suck. They didn't suck so much back in the prehistoric days of the 1990s, when you only needed a handful of them. But today, with every little site on the web requiring its own login credentials, there's just no way for John K. Average-Smith to make sense of it. I imagine old Johnny has been using "fido777" as his only password for the past half-decade, and someone in Iran is using his credit card details to buy enriched uranium as we speak.
We need something better. I think some manner of biometric authentication is probably the way to go. A lot of laptops—and now phones—have fingerprint sensors built in. If those become more widespread, and their security can be guaranteed, then I wouldn't mind having to swipe my finger to log into Facebook or Gmail. It'd certainly beat fido777... or coughing up $29.99 a year for Dashlane.
|Synaptics' Clear ID fingerprint sensor feels like the way of the future||15|
|Use InSpectre to see if you're protected from Meltdown and Spectre||4|
|David Kanter dissects Intel's 22-nm FinFET Low Power process tech||1|
|TPCast's second-gen wireless VR adapter can deal with 8K streams||6|
|Be Quiet cranks its Straight Power PSUs to 11||11|
|Cherry MX Low Profile RGB switches arrive in the Ducky Blade Air||19|
|Nothing Day Shortbread||14|
|Here's all of TR's CES 2018 coverage in one place||7|
|Intel Core i5-8500 appears in SiSoft database||6|
|There's finally an SSD with a Quad-Damage feature! Unfortunately it's self-inflicted quad damage.||+23|