I've found that password management tends to be a hot-button topic. As a developer and engineer I definitely see and feel the need for strict controls on authorization and access management - I've seen my fair share of "admin/password" catastrophes. Having said that I agree with Jeff Atwood that Password Rules are Bullsh*t. I like the idea of password managers, have a piece of software generate a cryptographically secure password for me and store it somewhere "secure" so I never have to remember my passwords ever again! Woo! Until I need to type it in. Why? Because I forgot the password to my password manager, or I just reset the password to my email where I would be able to retrieve my lost password, and don't exactly remember what the new password was yet, or there's a data breach at aforementioned "secure password storage facility".
I have been playing with unicode passwords lately, but support has been fairly lackluster. I also use Duo and Google Authenticator for a lot of projects; both seems to work well but still require a password to get to the auth key section. At the end of the day I all we can do is the very best we can with the resources we're given.
A purple-cloaked stick figure magician waves his magic wand over a magic top hat chanting, "abracadabra". The top hat responds, "Incorrect magic word, please try again." The magician, mildly confused, responds with "@bracAd4br@?"
enter your email address below to get a note when I release a new comic