Pay particular attention to the difference between using only lowercase characters and using all possible characters (uppercase, lowercase, and special characters – like @#$%^&*). Adding just one capital letter and one asterisk would change the processing time for an 8 character password from 2.4 days to 2.1 centuries.
via lifehacker.com
I know lots of people question the potential for the single point of failure aspect of 1password, but being able to create and use one really complex password to protect against using the same crappy password across the web seems like a better solution. I am honestly floored at how the difference between a single character in a password string makes such a huge difference. I guess my new goal should be to have at least 14 character passwords. Even if you don't use a tool like 1password you should read this and heed the warnings — if not for your own personal reasons, then for the security of your organizational data.
Are lots of encrypted one-use passwords really a solution? I’m really hoping OpenID adoption helps with this. I’d rather delegate authentication of my actions to some place like Yahoo or Google (or my own blog) than create new passwords everywhere. We still have a long way to go though when Drupal still makes passwords even if you sign in with an OpenID.
Hopefully Penn State is going to become an OpenID provider once IAM comes to fruition and not just go their own way.
Brian, don’t count on it any time soon. In the meantime, I’ll be going to longer, more secure passwords managed by a vault.