Tuesday, December 17, 2013

How did we end up with this?

I, along with several million other people, got caught up in both the LinkedIn and Adobe account hacks, and I've had "stop using 'password' as my password for every online account" in my to-do list for at least a year.

A couple of weeks ago I decided to do something about it. I activated two-factor auth on every account that supported it, clicked the 'generate temporary password for devices' link on Twitter, and then hit the nuclear button by downloading LastPass and beginning to upgrade my passwords (I don't really use 'password' as my password - I also use 'P@ssword', 'Passw0rd!' and 'pa55w0rd' - I'm always thinking, see).

It was a PITA changing old passwords, but I just about got around to changing the important things (accounts attached to credit cards, and core identity providers) when my new phone arrived (Moto-G, which is fantastic, btw, although I am comparing it to a 2.5 yr old HTC).

What a clusterf*k. Activating two-factor auth and various device checks means that I am constantly being asked to re-enter passwords, only this time I have no idea what those passwords are, as I've changed them from the ones I know to the brilliantly uncrackable long, complex, passwords generated by LastPass.

On the plus side I've discovered that Google Keep is a very efficient way of copying complicated passwords in plain text between devices. On the downside, lots of apps don't support 'Paste' on Android, so I have to write them down instead (hence a pocketful of Post-It notes). I think I'm now technically less secure, as I'm far more prone to social engineering hacks than I was before.

I really hope that those who hold our secrets (no, not the NSA) are working on solutions to the secure login conundrum, because no one outside of the tech industries would use a computer if it was as complicated as the situation I find myself in.

