ToadCast 008 - Just use a password manager



We are back! For ToadCast 008, I was joined by Jonathan Jordan to discuss password security, programmer mentality and philosophy, and more!

ToadCast can be found on iTunes. Check us out and give us a rating.

We now have a handy form for you to submit your questions, topic ideas, and tips! Yay. Give it a try.

Thanks for listening.


Topics discussed:

  • Feeling Overwhelmed as a programmer
  • Philosophy of expectations in our industry
  • Password Security
  • Password Managers
  • CSS news

Show Notes:

Comments

I drunkenly wrote all my thoughts about it here. Hopefully, it won't be modded out.

This is my favorite ToadCast, so far!!! Happy birthday, bro. Thanks for the pollywog mention, even if you are looking for something else!

I should also add that my template engine handles templates better than microtemplate. It can elegantly print single-quotes, and has better error-handling, among other things. I think backbone is awesome, and I agree that javascriptMVC has grown a great bit since we were using it.

Check out web2py for python awesome CMSness. Python is super-rad. It was designed as a teaching language, so it fundamentally has all the features of every other language, but few of the problems of many.

I think some language experience can teach you truly awful habits, like BASIC, VBA, Coldfusion, and even ASM! You have to tailor your experience around actual need and interest, I think. BASIC & ASM jump/gotos are bad for lots of paradigms, for example, even if it can give you a leg-up in your programming process, especially over non-programming experience, in general.

My inner-huckster drives me to succeed, and I hope that voice never goes away.

"hackers gonna hack" priceless. Also: true. If you can do a thing, and deem it even moderately secure, in general people will wanna break it.

passwords: echo `head /dev/urandom |md5``head /dev/urandom |md5` |sed YOURTRICKSHERE
hint replace [0-9a-f] with yer magix that are comprised of random [g-zG-Z].
now, use a manager.

FTP password security is a kind of oxymoron. It's plaintext over unknown bad-peeps wires, you know...

I want raspberry MUDs! Do this, Robbie, I will help. Also, let's go to these limestone caves, and get the original crystal caves cart stache, yo!

Also, as an ex-toady, who deeply loves MetalToad, I would like to talk on your podcast. I have a musical background, if that makes a difference, and I am the less refined of you 3, so we can have a kind of rags-to-riches, wuthering-heights reality-tv scenario, metalcasters.

The article on troyhunt.com seems to have almost willfully misunderstood the XKCD password comic. Strong, memorable passwords are not mutually exclusive with a password manager. Indeed, as he acknowledges near the end, such a password is a requirement for successfully using a manager.

The biggest threat to password managers right now is malware – a program that copied your encrypted data files, combined with a keylogger, could steal all your passwords in one fell swoop. There's some evidence that this is already happening. On balance I still think the benefits of a password manager outweigh the risk, but the risks are real.
