In circles I travel in, there has been a lot of recent talk about passwords, encryption and reversible hashes. There’s also the constant discussion about password management applications such as 1Password, LastPass, and KeyPass. These programs and browser extensions keep the random strings we should be using as passwords in order. Finally, there are sites like Dropbox, who sent me an email this afternoon claiming that my password wasn’t as secure as they’d like and that I should update it to be something stronger.

Recently, passwords have been stolen from some Internet services. This is a problem because many people use the same password on multiple services, which is unsafe.

Apparently, they had a security breach and are trying to update things. It would have been better if the email had said as much… grrr. Anyway, even though I use mostly unique passwords for services, and I leave it to a password managment program to keep track of, I’m going to stop even doing that. I’m not longer going to be satisfied with LastPass suggesting 14 character strings of line noise. I’m moving over the magic of uuidgen. This has two benefits – whenever I find a password that’s not long enough, I’ll know it’s old and needs to be changed, and it will give me a consistent level of security and randomness to my passwords to keep them from being brute forced.