Archive

# The discovery of one of my email addresses on HaveIBeenPwned (again) is making me seriously rethink online security.

There is no guarantee that the listing had an associated password, or that any password listed was up to date, but the frequency with which these huge data dumps are published is becoming increasingly worrying.

I'm considering letting Apple's Keychain generate complex passwords for me and then possibly using a password manager beyond Keychain because I'll obviously never be able to remember them.

Do I need another option beyond Keychain?

How does Keychain generate the passwords and should I be worried about the potential for 'algorithm leakage' here?

Keychain isn't perfect (it's obviously Apple only) and isn't the most convenient password manager (copying a suggested password at the time of creation is impossible, for example) but it's built directly into the software I use most and syncs for free via my iCloud account.

If the subscription for a third party solution is purely for added convenience then is it worth it?

I installed 1Password to test it during the initial trial and it didn't seem drastically more convenient than Keychain: similar steps but in a different order. The only immediate benefit, from what I can see, is that it's contained within an app rather than a few layers down in iOS Settings.

Whichever way I go it'll be a case of forming a new habit - always hard - but it'll be worth it.

Comments

Sonant Thoughts - Episode 47: Milestones And Mixing It Up

---

As I approach the 50 episode milestone I'm still enamoured by being able to record anywhere and at any time I want but it's not always as simple to come up with a topic to record about.

I wonder if it's time to mix things up in order to keep them fresh.

---

Subscribe: via RSS or iTunes For all episodes visit: /podcast/

# It's begun!