Aurich Lawson If you felt a twinge of angst after reading Ars’ May feature that showed how password crackers ransack even long passwords such as “qeadzcwrsfxv1331”, you weren’t alone.
The upshot was clear: If long passwords containing numbers, symbols, and upper- and lower-case letters are this easy to break, what are users to do? Ars has largely answered that question already: use a password manager to randomly generate and store long, complex passcodes that are unique for each site you care about. Our how-to provides a thorough primer that should be required reading for anyone who uses the Internet. That said, password security is a highly nuanced undertaking with plenty of room for competing strategies and contradictory imperatives. Is it safe, for instance, to store your encrypted password file in the cloud or to allow your browser to remember frequently used log-in credentials? And what’s the best way to manage passwords across a variety of computer operating systems and different smartphone platforms? I recently checked in with five security experts to learn about their approach to choosing and storing crack-resistant passwords.
They include renowned cryptographer Bruce Schneier, who is a “security futurologist” at BT and recently joined the Electronic Frontier Foundation’s board of directors; Adriel T. Desautels, CEO of Netragard, a firm that gets paid to hack large companies and then tell them how it was done; Jeremiah Grossman, founder and CTO of WhiteHat Security; Jeffrey Goldberg, “defender against the dark arts” at AgileBits, a company that develops the popular 1Password password manager; and Jeremi Gosney, a password security expert at Stricture Consulting. 3