Helping people with computers... one answer at a time.

Passwords and authentication in theory and practice, including password quality, password management tools and authentication alternatives.

Can I keep my password list on my iPad?

You can save your passwords insecurely... if you want. But it would be better to rely on software designed for the job.

Can I use a programmable keyboard to store my passwords?

Using a programmable keyboard to store passwords is a pretty good idea; but there are a few hidden issues to think about.

Creating Good Passwords

This is from a section out of my Hotmail security checklist. I'll review a couple of approaches to passwords and the tools to manage 'em.

Do disposable email addresses really add any security?

Disposable email addresses are not a security measure in the sense of securing these accounts. They are a convenience and a spam management tool.

Does using complicated usernames add anything to the security level?

Complicated usernames add such a small benefit to your online security that it's hardly worth the effort. Better to focus on the basics.

Has LastPass had a security breach?

I recommend LastPass because of their transparency and security model: even LastPass cannot recover your login!

How do I erase all passwords saved on my machine?

There's only one way to erase ALL passwords saved on your machine. You probably aren't going to like it!

How do I get IE8 to remember my email password?

Instead of your browser, what I suggest that you use is a program like LastPass to remember your passwords for you.

How do I make a secure password if I can't use special characters?

Research has shown that the most important technique in creating a secure password might not be what you think! Here's a hint... it's not special characters!

How do I remove password protection from an Excel document?

I won't tell you how to crack an Excel password, but I will tell you a better way to keep it protected.

How do I restore my passwords after replacing my motherboard?

A motherboard does not remember passwords. Missing passwords must be caused by something else that happened while you switched the motherboard out.

How strong does my Windows password need to be?

Your Windows password actually gives you less security than you might think, but there are scenarios where a strong Windows password is important.

If too many bad password attempts cause account locks, how do hackers hack in?

Hackers have a lot of ways to try to get into online accounts. Understanding how it works can help protect you online.

Is a longer password of repeating characters more secure than a short password made up of random characters?

A longer password of repeating characters is more secure than a short complicated password. They are not cracked letter by letter.

Is it possible to use exotic characters to make passwords stronger?

Exotic characters can make strong passwords... if the password field accepts them, and if you can type them in. There is a better way to get a stronger password.

Is it really that easy to get someone's password?

We'll look at some ways that someone else could access your account.

Is it safe to stay logged in to LastPass?

If you are worried about hackers coming in through the internet, you're worried about something much larger than LastPass.

Is the 'Keep Me Signed In' option immune to password changes?

If you check Keep Me Signed In when signing in to an online service, the idea is that you don't have to specify your password again... unless you change your password.

Managing Lots of Passwords

Managing multiple strong passwords can be a pain. I'll discuss a couple of alternatives, including Roboform and Lastpass.

Password Recovery Questions; how do they work and can I make up my own?

Password Recovery Questions are a cornerstone of much internet security. I'll look at what they are, how they fail, and what you can do.

RoboForm Password Manager and more

With lots of accounts on the web, good security says their passwords should all be unique. Your computer can remember them for you with RoboForm.

Two-Factor Authentication

I recently enabled two-factor authentication on my Google account. I'll review what two-factor authentication is and how it works.

Webinar #2: Password Security and more

What can we learn from Mat Honan?

Mat Honan is a reporter for Wired magazine that had his digital life effectively destroyed due to account hacks and lax security policies. There are important lessons here.

What's a good password?

Good passwords are hard to crack and hard to remember. As a result, many people don't use really good passwords, even though they should. We'll look at what makes a good password, and some ways to make them easier to remember.

What's a good way to securely keep track of all my passwords?

Who is it safe to give my passwords to?

When we talk about not giving your password out to others, you should remember to keep it private, keep it safe, keep it secret, and keep it secure.

Why can't I just use one password everywhere?

With so many sites requiring a password it's very tempting to use only a single password everywhere. That's dangerous, and there are alternatives.

Why did I get a password reminder I didn't ask for?

A password reminder that isn't expected can be startling. An unexpected password reminder could be due to many things. The best thing is to ignore it.

Why do so many people forget their password? (And how do I avoid becoming one of them?)

Lost passwords are the single most common topic on Ask Leo! and on many other technical support and assistance sites. I'll look at why that might be and what you can do to protect yourself.

Why do some ISPs disallow special characters in passwords?

Aside from historical reasons, there really is no good excuse for not allowing lots of special characters and long passwords as an option for users.

Why won't services just email me my password instead of making me set a new one?

A service practicing proper security actually doesn't know your password. I'll cover how that works and why it's very important.

Will Roboform or Lastpass bypass keyloggers?

A password tool may bypass a few keyloggers - but that's no reason to use it. You should be thinking of your overall computer and account safety.

Will you help fix my account? My username and password are ...

In a desperate move to resolve account access issues, people are frequently trusting people they shouldn't and providing too much private information.