Want Safer Passwords? Don’t Change Them So Often

The tyranny of mandatory password resets only makes security weaker.

Source: Want Safer Passwords? Don’t Change Them So Often | WIRED

tl;dr: changing passwords often doesn’t make things safer. In fact, it encourages people to pick weaker passwords they will be able to cycle through and remember.

The longer version of this article is that, like TSA, this is security theater. Most IT groups cannot justify their existence with simple things like “use a good password tool like 1Password”. They need large, complex, and costly processes to ensure that… well… there is good security theater.

Google two-step

Lots of news in the past few weeks about security, being hacked, and what to do about it. I decided the time was right; travel coming up, a few hours to mess with security settings, etc.

I embarked on the Google/GMail two-step authentication process. I expected to be confused, annoyed, and probably back out again. But I wasn’t: it was really easy. Few simple clicks, an SMS to my phone, generate a few new randomized passwords for my non-Google accounts (Exchange, Outlook). Done. All working in under 5 minutes.

Thanks Google, I appreciate you doing the work to make security better on my accounts.

p.s. a little weird that Chrome Sync is one of the 3rd party, non-Google accounts.

SeaTac, not so bad

Not bad this morning. We arrived at the airport and the security lines were long. It’s tourist season so people arrive with water bottles in their bags, etc. Business travelers must hate this time of year.

One thing I like at SeaTac is the security folks tell you where the shorter lines are. When they talk, MOVE. If you don’t, the herd moves and what was short is now long. Just speed walk and all is good.

Almost ran into Glenn, he was ahead of us in security but racing for another terminal.