At The Atlantic, Megan McCardle, resident business and economics editor, takes a look at something nobody really seems to talk about very much, but affects all of us: password policies. She accuses network administrators of being detached from the rest of the world in their policymaking, which I’d agree with. Rather than developing more fluid security management, the trend has moved exactly the opposite direction, where security has become more onerous for the user—the person who knows the least about security. She calls this a terrible cost and value proposition. Read the comments; they hold a lot of amusing anecdotes, personal experiences, and gripes from everyday (albeit, considering this is The Atlantic, probably intelligent) users.
I personally get around this by using 1Password, which kind of allays some of these problems—I let the application do all the heavy lifting for me. I’ve talked about it before, back in (!!) 2007, but it’s changed quite a bit since then.1Password is, at its core, a password storage vault. It’s a self-standing application which holds your passwords, secure notes, credit card numbers, frequently-used identities, and software serials (and versioning, which i find absolutely invaluable—i don’t know how many times I’ve had to find a password for an old Mac OS 9 app) in a highly secured environment. More deeply, you can quickly use the application—via a strong password generator, which is accessible through a contextual menu whenever you’re presented with a form—to generate gibberish passwords which are then remembered and stored with almost no interaction from you. There’s also an iPhone app to keep your passwords close at hand, which I find myself using frequently.
1Password is available from $39.95 from Agile Web Solutions. There are two versions of the iPhone and iPad app downloadable from $9.99 from the App Store. Editions also available for Windows, of course.