Nice article from the Washington Post, but as usual governments and the media are behind. As anyone who is paying attention knows, length is only one variable in creating entropy, and randomization (as opposed to patterns) is also important. See, for example, Diceware. In addition, the RANDOM inclusion of special characters, numbers, and upper-case and lower-case letters increases entropy by creating a greater number of possible choices. Best password practice, as I understand it, is to use a long, random-word password (see again Diceware) to protect a password manager (e.g. LastPass, 1Password, or KeePass) which contains long, unique, computer-generated passwords -- difficult to parse and virtually impossible to memorize -- coupled with two-factor authentication. No wonder it is so easy to hack the government. Of course, there exist better alternatives to passwords altogether, such as SSH keys, but these are generally not widely available to individual users on typical workstations.
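The arithmetic behind the length-versus-randomness point, as an added example that is not part of the original post: entropy is the number of picks times log2 of the pool size, and it only holds when every pick is made uniformly at random. The function names are illustrative, and `DEMO_WORDS` is a constructed 16-word stand-in for a real 7776-word Diceware list.

```python
import math
import secrets
import string

DICEWARE_LIST_SIZE = 6 ** 5  # five dice rolls index one word: 7776 entries

# Constructed 16-word stand-in list for the demo; a real Diceware list has 7776 words.
DEMO_WORDS = ["anvil", "brisk", "cedar", "dune", "ember", "fjord", "glint", "husk",
              "ivory", "jolt", "kelp", "lumen", "moss", "nectar", "onyx", "plume"]


def entropy_bits(pool_size: int, length: int) -> float:
    """Entropy of `length` independent, uniform picks from `pool_size` options."""
    return length * math.log2(pool_size)


def picks_needed(pool_size: int, target_bits: float) -> int:
    """Smallest number of uniform picks whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(pool_size))


def random_passphrase(words: list[str], count: int) -> str:
    """Diceware-style passphrase: each word chosen by a CSPRNG, not by a person."""
    return " ".join(secrets.choice(words) for _ in range(count))


def random_password(alphabet: str, length: int) -> str:
    """Manager-style password: each character chosen uniformly from the alphabet."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    lower = string.ascii_lowercase                                    # 26 symbols
    full = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
    for label, pool, n in [("12 lowercase letters", len(lower), 12),
                           ("12 mixed characters", len(full), 12),
                           ("6 Diceware words", DICEWARE_LIST_SIZE, 6)]:
        print(f"{label:22s} {entropy_bits(pool, n):6.1f} bits")
    print("words for 80 bits:", picks_needed(DICEWARE_LIST_SIZE, 80))
    print("chars for 80 bits:", picks_needed(len(full), 80))
    print(random_passphrase(DEMO_WORDS, 6))   # demo list only: 16 words = 4 bits each
    print(random_password(full, 20))
```

A human-chosen phrase or a predictable substitution pattern does not earn these figures, because the formula counts only choices an attacker cannot predict.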

Not to mention that any sane person would use strong encryption for storage and communications, but inexplicably, manufacturers are just beginning to build it in and most people are not sane. For secure communications, one is probably much better off using something like WhatsApp than email, but we really can't get away from email, can we? Especially for archival purposes. (For email encryption, I offer my clients Virtru, S/MIME, and PGP.) My top choices for storage of data online are Tresorit and OneDrive for Business, in that order. (My personal impression is that Tresorit is more secure but OneDrive for Business is generally more convenient, since it integrates seamlessly with Microsoft Office.) Of course, it doesn't really much matter in some ways, because all of our personal data is already in the cloud anyway, so much so that marketers can tell a woman is pregnant even before she is aware of it. See Dataclysm.


© Charles Williamson Day, Jr., 2016. All rights reserved.
