Sunday, January 22, 2012

Password strength

Recently I joined Lastpass.com for free password management. It is great to have this secure website help keep my passwords safe while using a different password for every site I have registered at. I the past I had used the same password but now they are all 30 characters using letters, numbers and special characters. Here is a sample password that lastpass will generate for you: z$7cAP%#Ak%r39x!PU5e2Nq1As*2Np I have changed 35 or so different sites passwords to different passwords and it was simple. Now if one site stores the passwords in plain text and a hacker gets it then I will just change that one password to a different one using lastpass in a minute. And the hacker won't be able to get into any of my other sites. One thing I liked was how secure you can make lastpass forum for instance. They allow your password to be upto 255 characters. But while I was changing passwords I found something surprising. The only 2 sites that I wasn't able to use my 30 character password on was financial sites. Wellsfargo forces it to be 14 or less and paypal.com forces the password to be 20 or less. How come all the biggest sites on the internet let you use a 30 character password and then where you want a stronger password it has to be half the size? I think they should allow 255 character passwords. It isn't something that should use more computer power to store a longer password. It's just one line of code usually to change the length allowed in login systems.