Use a secure random password generator like the one provided in Mashed Life or
the GRC Perfect Passwords
when you add/edit an account, to generate a secure random password for each account.
So even one of your account password is stolen, hackers cannot use it to penetrate
your other accounts.
Life is not all about security, how about my convenience & productivity?
How can I remember and manage all my accounts and the random passwords?
How can I stay on top of the maze of all my accounts?
Use a secure & reliable online account management & backup service such as
Mashed Life to achieve that in the web way, the free and zero-dependency way.
It is not only managing your passwords. It
organizes the login name, URL and the reason for creating the account so you can
stay on top of the maze of all your accounts.
- Search for an account quickly by its name, notes, username, etc.
- Sort all accounts by its name, username, last access, creation, notes, etc.
- Access from anywhere on any PC and mobile devices.
- Log in to the target site with just 1 finger, 1 click.
- If you need an off-line version, desktop-based
KeePass & Password Safe
are both integrated with Mashed Life
- Tag each account to group them as Home, Work,
Social, Fun, etc. for flexible classification.
- Worried about putting eggs in one basket, hackers taking over of your
Mashed Life account? Use the platform-independent crypto key
to achieve ultimate security.
Many web sites, even big ones ask for information about your mother, birthplace, school,
spouse, pet, ... as a way to reset your password when you forget it.
It is a stupid and a very bad practice in our opinion because it is...
- Too easy to break! Google for a person, search for a person's Facebook and LinkedIn
profiles, it is not difficult to find or guess the answers.
A good example is that
Sarah Palin's Yahoo
email account was easily penetrated by a college student in this way.
- Even worse, such private information is like your fingerprint, you can't change
your mom's name, etc. That can be used to break into your other accounts using the same
practice. This is an even bigger security loophole and privacy invasion.
This open-source project
shows it is not difficult to extract account information from the password storage
in the browser programmatically. And it has been a major known
. It is
particularly risky when you lose a laptop with a lot of passwords stored under the
browser's password manager.
Especially today most use multiple PCs at work, at home, or from mobile devices. One most
likely ends up having account information scattered across several PCs.
If you have to use it, at least use a 'Master Password' to protect them better. If you can
afford the hassle and the cost, you can use a PKI-based smart card to protect
For highly sensitive accounts that you do not feel comfortable to trust it to
any password manager, use 'hints' that only you know how to interpret into
the real passwords. It can be an abbrevation of a sentence, or your magic number, etc.