Friday, August 13, 2010

Passwords

There is an interesting article on passwords and how insecure many passwords are. Faculty usually have to remember several passwords. For example, one has multiple email accounts and a username and password for each journal for which one reviews or submits papers. I have user accounts for at least 60 such journals for which I regularly review or submit papers. It is practically impossible to remember passwords for all these sites and, though one might reuse the same password everywhere, doing so is not very secure. For example, I used to use passphrases (of 35 characters or so) for the primary email account and bank accounts, while I used very simple passwords for forums, where you comment once in a while.

Now, I have completely moved to an online password manager. I am aware of at least two very good online password managers, namely RoboForm and LastPass. They will log you in automatically and fill in forms for you once you have logged in to the extension. Luckily, both of these password managers have extensions for Chrome.

2 comments:

Anonymous said...

Dear Professor,

How secure are these?

Giri@iisc said...

What people seem to be missing nowadays is that the most insecure way to store your sensitive data and passwords is at the PC side. Many people use the insecure password features of Firefox, Chrome, etc., while that is a wrong feeling of security. A good hacker, smart thief or trojan only needs a minute to get all your passwords, access your mail and other data.

Another advantage is that most people won't have different passwords for every website (or will have a pattern), and LastPass lets you ditch this. So whereas before every single site you were on was a potential entry point to all other sites you were on, now only your LastPass account is. Cracking any "sub password" yields no extra information to an attacker.