Video Games, Songs on iTunes, Internet, Phone Services... The list goes on, pretty much everything is expensive over here, even digital products with zero shipping or handling costs are triple or more the price in the US. For example I pay $70/month for 200GB of 'broadband' that peaks at 500kb/s and is totally incapable of streaming video. My mobile phone costs $95/month and I get 5GB of data.
The way I do it is going to be insecure the moment I lose one password, but it is easier for me to remember than these things. I have a phrase that is at least 8 characters long and then I add something specific for the service. The initial phrase includes a number and capital, for example "ExampleP1ss" and I really should have a symbol somewhere in it except I haven't signed up for anything that requires a symbol. Examples of things specific to this would be "hacknews", "hackernews", "hackerNews", "ycominator", "hackercombinator", ...
How (in)secure is this?
I also have it written down because I figure if someone has access to my personal computer physically, and they want my passwords, they can probably install some keylogger or something else I don't understand, and this way I'll never forget my password. I also have a list of services that I am signed up for so I don't forget to change my reddit password because I haven't used reddit in the last three weeks after something like Heartbleed happens.
What I will not do is store my passwords in my browser, that seems like an awful idea. Especially because some things automatically sync across browsers.
>What I will not do is store my passwords in my browser, that seems like an awful idea. Especially because some things automatically sync across browsers.
The serious browser extensions that do this use encryption for syncing. You are correct that centralizing them all in a browser extension is a negative for security, but the upside of having random and different passwords for each site or service _far_ outweighs the risks posed by centralization or browser storage.
The odds that one or more sites you use end up leaking your plaintext passwords is far more likely than LastPass being hacked; even the odds of someone identifying your self-described insecure pattern from a series of these leaks is far more likely than getting burned by an extension.
I had my apprehensions before starting to use a password manager, but after six months I consider it absolutely essential and urge everyone else to use LastPass or a similar addon. The benefits massively outweigh the risks.
>The odds that one or more sites you use end up leaking your plaintext passwords is far more likely than LastPass being hacked
I'm not sure this is a fair generalization, especially without knowing the sites sthreet visits. LastPass holds thousands of passwords and is probably a pretty big target for hackers. I don't doubt that they have great security, but nothing is guaranteed; one should at least admit that trusting LastPass as a SPOF is a non-trivial decision to make.
Any idea why browsers haven't implemented their own native password generation functionality yet?
If nothing else, having this functionality built into popular browsers would increase public awareness of better password practices by at least an order of magnitude.
There's an option you can enable in chrome://flags to enable a password generator. I don't believe the user gets any control over the password's complexity right now, but it looks like it's something that the Chrome team is at least considering.
I'm not aware of anything similar being built into Firefox.
Great question, I'd love to hear from someone on the Chrome or Mozilla teams about this. Until then we'll just have to assume they are all busy finding new and interesting ways for browsers to use up more system memory.
I would think something like LastPass would be a good solution for you. Sure, it syncs across browsers and is stored remotely (on LastPass's servers), but at least it's encrypted and allows you to easily have very different passwords for every service you use.
Currently, someone just has to compromise your account on one third-party service in order to compromise every service you use (do you use Yahoo Messenger? I think all passwords are cleartext for that).
With LastPass, someone would have to compromise the (likely more secure) LastPass service, or physically access your machine (and then compromise LastPass) in order to access your passwords. Seems just as easy to use, but more secure.
What I do for most sites is to enter a one-off random string and forget it immediately. I just leave myself logged in and when I get logged out I just use the email password recovery to set a new random password. Your email password recovery mechanism is already the weakest link.
Well, some websites I use are annoying and log me out fairly frequently, or maybe I'm just not checking the "keep me logged in" or something. But doing that every day is a huge pain.
All this assumes the third party service is even hashing their passwords.
To say nothing of the people who drop in a single round of md5 hashing without a salt and then sit back and tell themselves they are smarter than all those idiots still storing plaintext passwords.
They should also thank the researchers for not making 66,000 votes count towards something ridiculous, because unless I thought they would freak out about my way of proving a point, I would probably have done that when I told them how to secure their thing.
Then again, thanks to the wonders of the group voting ticket, the bar for getting a clearly ridiculous result is pretty high:
"In the New South Wales Legislative Council election of 1999, the Outdoor Recreation Party's Malcolm Jones was elected with a primary vote of 0.19%, or 0.042 of a quota."
This kind of result is perfectly valid. If candidates A and B are polarising, and candidate C is a compromise candidate, and you have a preferential voting system, then it makes sense that many people would put A or B first, and C second, producing a victory for C despite almost zero of the primary vote.
Of course, realistically, what probably happened in this case was more to do with party preferences and backroom deals, because you can give the voters an awesome voting system but then they'll just turn around and ask someone else to tell them what preferences to give anyway...
They could adapt because humans only grow the ones that are the better of the batch at doing what we want them to do. I can't see it working as fast as bacteria, but it could be another option.
It seems like it should be at pretty much the same speed, if an equal size amount of garlic plants were being attacked by MRSA. Doesn't matter if natural selection or human-guided selection does the culling.
I suppose it might be expensive to grow lots and lots of garlic plants and test them all for efficacy, though.
A generation of bacteria is way shorter lived than a generation of garlic. It would depend on how much the garlic was used though I'm pretty sure, though you might need to talk to an actual biologist for details.
Also, unless garlic defended itself from MRSA by killing it, human-guided selection would be better; what if the garlic is sneaky and figures out another way to survive that doesn't help humans?
Two-factor authentication: Things like this are probably the best argument for why I should get a phone, though I still wouldn't have much use for it.
Also, it seems safer to write down your passwords. I mean, someone might physically take it, but that seems less likely than someone digitally taking it.
Having done a small amount of required volunteering for school I would disagree. Of course, I live in the middle of nowhere, and it was mostly my classmates volunteering with me who are also required to volunteer for so many hours.
Well, ya, it isn't really volunteering.
And there are so few places I know to work that I really don't get to pick where I work, it is just whatever one I find I do.
I think the volunteering experience is, like so many other things, dependent on who else is participating as well as what you are doing. I hope you explore/are able to explore other opportunities in the future that resonate more profoundly with you.
Maybe. I lost my signed sheet. So I have to do like 20 hours again. You wouldn't happen to know a good place to find things to volunteer for in general?
My wife's charity organization has gotten some new members by publicizing their events on Meetup.com! I haven't used it but in general that seems like a good place to find things to do.
If not, try your local government or church, or just see if big-name charities or service organizations have any groups in your area.