[Discuss] Most common (or Most important) privacy leaks

Richard Pieri richard.pieri at gmail.com
Wed Feb 18 12:30:24 EST 2015


On 2/18/2015 11:20 AM, Bill Bogstad wrote:
> And the same users are going to use "Four score ...." if you require
> longer passwords, so you lose anyway.

I did preface that with "[p]assword reform starts with...".

Key chain managers can be a good next step. They allow the use of 
arbitrary, random gibberish as passwords in a way that users only need 
to remember one good password for unlocking the key chain. In essence 
they can do the same thing that heavy duty encryption systems do: they 
generate large random keys for actual encryption and encrypt these keys 
with user-provided passwords or passphrases. This way you can have 
strong passwords without any password reuse. Link a key chain manager to 
a trustworthy third party and you can have a robust password management 
system that is resistant to attacks.

-- 
Rich P.
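
The two-level scheme described in the message above (large random keys doing the real encryption, themselves encrypted under one user passphrase) as an added example that is not part of the original post. All function names are hypothetical, and the HMAC-SHA256 counter-mode stream is a standard-library stand-in for a vetted AEAD cipher such as AES-GCM.

```python
import hashlib
import hmac
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation

def kek_from_passphrase(passphrase, salt):
    # Stretch the one memorized passphrase into a 64-byte key-encryption key.
    return hashlib.scrypt(passphrase.encode(), salt=salt, n=2**14, r=8, p=1, dklen=64)

def _xor_stream(key, nonce, data):
    # Stand-in cipher (assumption of this example): HMAC-SHA256 in counter mode.
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key64, data):
    # Encrypt-then-MAC: first 32 key bytes encrypt, last 32 authenticate.
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(key64[:32], nonce, data)
    return nonce + ct + hmac.new(key64[32:], nonce + ct, hashlib.sha256).digest()

def unseal(key64, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key64[32:], nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(good, tag):
        raise ValueError("wrong passphrase or modified key chain")
    return _xor_stream(key64[:32], nonce, ct)

def new_keychain(passphrase):
    salt = secrets.token_bytes(16)
    vault_key = secrets.token_bytes(64)  # large random key, never typed by the user
    wrapped = seal(kek_from_passphrase(passphrase, salt), vault_key)
    return {"salt": salt, "wrapped": wrapped, "entries": {}}

def _vault_key(chain, passphrase):
    return unseal(kek_from_passphrase(passphrase, chain["salt"]), chain["wrapped"])

def add_site(chain, passphrase, site, length=24):
    # Each site gets its own random password, so nothing is reused.
    password = "".join(secrets.choice(ALPHABET) for _ in range(length))
    chain["entries"][site] = seal(_vault_key(chain, passphrase), password.encode())
    return password

def get_site(chain, passphrase, site):
    return unseal(_vault_key(chain, passphrase), chain["entries"][site]).decode()

def change_passphrase(chain, old, new):
    vault_key = _vault_key(chain, old)  # entries stay untouched; only the wrap changes
    chain["salt"] = secrets.token_bytes(16)
    chain["wrapped"] = seal(kek_from_passphrase(new, chain["salt"]), vault_key)
```

Because the entries are encrypted under the random vault key rather than the passphrase, changing the passphrase re-wraps one 64-byte key and leaves every stored password as it was.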


