Reply to post: Re: The perfect Password

What should password managers not do? Leak your passwords? What a great idea, LastPass

grandours

Re: The perfect Password

That's all well and good, but there are a number of services that still limit the length of passwords to a ridiculously short number of characters. In that type of situation, the string of words method or xkcd method is useless. Password managers allow you to generate random passwords containing a mix of upper/lower case letters, numbers and special symbols of whatever length you like, so you can have much stronger passwords than "Iamsostupidthatiforgetmypasswordsallthetime2000".

Also, unless you are recommending reusing the same password across many sites, that method is not practicable for most people. I currently have 116 passwords stored in my password manager. They are all unique and impossible to guess, even by me. I don't have photographic memory, so I simply can't remember that many unique passwords.

I use a password manager for everything except banking, email and Amazon. For my banking and Amazon I have 12 character impossible to guess root passwords that I've memorized and never change, and I have an additional 18 character suffix stored on a Yubikey that I can change at regular intervals. I also use 2FA wherever it's allowed.

There is no perfect password solution. Whatever solution you choose to use, you have compromised to some degree on usability, convenience or security. To what degree one is willing to compromise in any one of those areas is up to each individual. Saying that one should never use a password manager is a bit like saying to an investor "no one should ever have more than 50% of one's investments in equities as they are too risky".
