I have five tiers of passwords. I use my top-tier only on sites where the password getting stolen could cause me significant harm—only a couple of sites meet this criteria, such as my bank login. I use my second high tier where the password being stolen would cause me significant inconvenience, and yet are still conceivably of interest to somebody else—such as the e-mail attached to my bank login. My middle tier is for websites with significant inconvenience and which I cannot identify an external interest, such as my Amazon account (which has my credit card information, but won’t send anything to an address that hasn’t been sent to before without reentering that information.) My lower two tiers are for websites which either cannot cause significant harm (such as a Diablo 2 account, when I stilled played—oh no, somebody stoled my stuffs! Big whup.) but could inconvenience me, or where I literally don’t care if somebody steals the account (such as my login for a dating site, or my login to pay my electric bill online, where somebody couldn’t order additional services or indeed do anything except… pay my bills).
I change my top two security passwords relatively frequently, and are a mixture of characters, numbers, cases (and where permitted, non-alphanumeric characters); the lower three tiers generally stay the same. The top two tier passwords are also only used where the institution itself has a strong obligation to prevent cracking.
I generally recommend this scheme, which limits the dangers of a cracked password, and makes it easy to remember passwords for most day-to-day stuff.
where I literally don’t care if somebody steals the account (such as my login for a dating site
Well, someone stealing your account on a dating site might impersonate you. I can’t think of an obvious reason why someone would want to do that, but I wouldn’t consider such a site (or, more generally, sites where I can communicate with other users, including forums or social networks) as bottom tier.
Additionally, two stage password protection if you are using gmail or any other service that allows it makes breaking into an account nearly impossible even with a relatively weak password.
Also, I am curious how many bits of entropy do you allow per tier; losing control of your main email account is a lot worse than most people seem to assume- The accounts I have seen which have had regular use often include a SIN and a fairly large amount of information which can be used for much more costly or malicious attacks than online banking provides.
I used a two tiered system at and 60 and 75 bits respectively, and if you actually want something to stay secure for any length of time against a GPU assisted brute force attack then you basically cannot go under 56 bits, which still only buys you a month against a good system.
I generally assume anybody who has the resources, expertise, and access to brute-force my password against a system is going to get in regardless of what I do, so I don’t worry too much about password entropy. If my bank can’t protect me against brute-force guessing, I am not going to believe they can protect me against a hacking scheme which bypasses my password altogether.
The weakest link in the chain is the one which breaks, and it makes little sense to forge one link particularly strong in case another link is particularly weak.
(Similarly, I always assume if somebody has physical access to my hard drive, they have access to its contents, regardless of what I’ve done to the hard drive.)
I have five tiers of passwords. I use my top-tier only on sites where the password getting stolen could cause me significant harm—only a couple of sites meet this criteria, such as my bank login. I use my second high tier where the password being stolen would cause me significant inconvenience, and yet are still conceivably of interest to somebody else—such as the e-mail attached to my bank login. My middle tier is for websites with significant inconvenience and which I cannot identify an external interest, such as my Amazon account (which has my credit card information, but won’t send anything to an address that hasn’t been sent to before without reentering that information.) My lower two tiers are for websites which either cannot cause significant harm (such as a Diablo 2 account, when I stilled played—oh no, somebody stoled my stuffs! Big whup.) but could inconvenience me, or where I literally don’t care if somebody steals the account (such as my login for a dating site, or my login to pay my electric bill online, where somebody couldn’t order additional services or indeed do anything except… pay my bills).
I change my top two security passwords relatively frequently, and are a mixture of characters, numbers, cases (and where permitted, non-alphanumeric characters); the lower three tiers generally stay the same. The top two tier passwords are also only used where the institution itself has a strong obligation to prevent cracking.
I generally recommend this scheme, which limits the dangers of a cracked password, and makes it easy to remember passwords for most day-to-day stuff.
Well, someone stealing your account on a dating site might impersonate you. I can’t think of an obvious reason why someone would want to do that, but I wouldn’t consider such a site (or, more generally, sites where I can communicate with other users, including forums or social networks) as bottom tier.
Additionally, two stage password protection if you are using gmail or any other service that allows it makes breaking into an account nearly impossible even with a relatively weak password. Also, I am curious how many bits of entropy do you allow per tier; losing control of your main email account is a lot worse than most people seem to assume- The accounts I have seen which have had regular use often include a SIN and a fairly large amount of information which can be used for much more costly or malicious attacks than online banking provides. I used a two tiered system at and 60 and 75 bits respectively, and if you actually want something to stay secure for any length of time against a GPU assisted brute force attack then you basically cannot go under 56 bits, which still only buys you a month against a good system.
I generally assume anybody who has the resources, expertise, and access to brute-force my password against a system is going to get in regardless of what I do, so I don’t worry too much about password entropy. If my bank can’t protect me against brute-force guessing, I am not going to believe they can protect me against a hacking scheme which bypasses my password altogether.
The weakest link in the chain is the one which breaks, and it makes little sense to forge one link particularly strong in case another link is particularly weak.
(Similarly, I always assume if somebody has physical access to my hard drive, they have access to its contents, regardless of what I’ve done to the hard drive.)
Thanks.
I posted the link in response to a reasonable business idea which I think is vulnerable to other sites’ security being hacked.