http://www2.sqlblog.com/blogs/greg_low/archive/2012/08/22/opinion-passwords-as-a-concept-are-completely-broken.aspxOne thing you get to do as you get older, or have been around the industry for a long time, is to pontificate. My pet topic today is passwords. I think that they are, as a concept, now completely broken and have been for a long time. We tell users: 1.enCommunityServer 2.1 SP2 (Build: 61129.1)http://www2.sqlblog.com/blogs/greg_low/archive/2012/08/22/opinion-passwords-as-a-concept-are-completely-broken.aspx#44819Wed, 22 Aug 2012 08:14:54 GMT21093a07-8b3d-42db-8cbf-3350fcbf5496:44819jamiet<p>Greg,</p> <p>Agreed. As a halfway house I use Lastpass; its not ideal (not least because it has a glaring single point of failure) but, for me, its the best option right now.</p> <p>JT</p>http://www2.sqlblog.com/blogs/greg_low/archive/2012/08/22/opinion-passwords-as-a-concept-are-completely-broken.aspx#44820Wed, 22 Aug 2012 08:32:46 GMT21093a07-8b3d-42db-8cbf-3350fcbf5496:44820Chris Donges<p>OpenID was an attempt to fix the problem.</p> <p><a rel="nofollow" target="_new" href="http://en.wikipedia.org/wiki/OpenID">http://en.wikipedia.org/wiki/OpenID</a></p>http://www2.sqlblog.com/blogs/greg_low/archive/2012/08/22/opinion-passwords-as-a-concept-are-completely-broken.aspx#44821Wed, 22 Aug 2012 09:51:14 GMT21093a07-8b3d-42db-8cbf-3350fcbf5496:44821RichB<p>Aye, and it's only getting worse, with many sites now demanding about 3 different passwords, letters from ordinal positions within them, and magnifying the problem with dates of birth and mothers maiden names (which of course I am just going to plug into some poxy webforum).</p> <p>Key fobs to generate randomish numbers, one of which you need a pin to input first... HSBC needs: 1xmembership number (about 11 digits), 1xmemorable code (over 8 iirc) AND 1xPin to generate an rsa type # to tap in. &nbsp;</p> <p>Almost always there to protect what... a forum login??</p>http://www2.sqlblog.com/blogs/greg_low/archive/2012/08/22/opinion-passwords-as-a-concept-are-completely-broken.aspx#44823Wed, 22 Aug 2012 11:17:57 GMT21093a07-8b3d-42db-8cbf-3350fcbf5496:44823Ben Thul<p>I couldn't tell you what most of my passwords are. I, like Jamie, use something to remember and generate them for me. I like the combination of KeePass and Dropbox.</p>http://www2.sqlblog.com/blogs/greg_low/archive/2012/08/22/opinion-passwords-as-a-concept-are-completely-broken.aspx#44825Wed, 22 Aug 2012 12:56:03 GMT21093a07-8b3d-42db-8cbf-3350fcbf5496:44825Stephen Mandeville<p>I use Keepass 2 professionally and personaly</p> <p>Free and it works great</p> <p>Whole DBA team uses a shared version.</p>http://www2.sqlblog.com/blogs/greg_low/archive/2012/08/22/opinion-passwords-as-a-concept-are-completely-broken.aspx#44826Wed, 22 Aug 2012 13:10:25 GMT21093a07-8b3d-42db-8cbf-3350fcbf5496:44826snewfie<p>And I forgot to mention That I also use Dropbox to have acces to my passwords from anywhere.</p>http://www2.sqlblog.com/blogs/greg_low/archive/2012/08/22/opinion-passwords-as-a-concept-are-completely-broken.aspx#44855Fri, 24 Aug 2012 13:53:35 GMT21093a07-8b3d-42db-8cbf-3350fcbf5496:44855@Hennie7863<p>Yep really true and we need another solution for this. I'm getting crazy with all of the different passwords for sites. </p> <p>Yet another problem are the devices. Some sites reset the passwords (in case you forgot) and the result of this is, that i have to re-enter the password on every device.</p>http://www2.sqlblog.com/blogs/greg_low/archive/2012/08/22/opinion-passwords-as-a-concept-are-completely-broken.aspx#44987Tue, 04 Sep 2012 01:01:40 GMT21093a07-8b3d-42db-8cbf-3350fcbf5496:44987Andrew Oliver<p><a rel="nofollow" target="_new" href="http://xkcd.com/936/">http://xkcd.com/936/</a></p>