Bookmarked You Don’t Need to Burn off Your Fingertips (and Other Biometric Authentication Myths) by Troy Hunt (Troy Hunt)

Let me bullet this succinctly:

  1. Obtaining a usable biometric artefact is much harder than obtaining a password
  2. Creating a usable biometric prosthetic is much harder than using a password
  3. Fooling a biometric verifier is much harder than fooling a verifier you can provide a valid password to
  4. Those with the capability to do the above 3 things are not the ones who are most likely to obtain your biometrically protected things

Use biometrics. It incentivises people to secure more things, it’s resilient to all sorts of risks passwords are not and as an added bonus, it makes your digital life a whole lot easier 🙂

Troy Hunt explains why stealing somebody’s biometric data is so much more difficult than stealing a password. Hunt also addresses this in his ‘Ask Me Anything’ session at the AusCERT2021 conference.

Liked Netflix’s Password-Sharing Crackdown Has a Silver Lining by Brian Barrett (WIRED)

Admittedly, freeloaders primarily threaten the cohesiveness of your recommendations lists. It’s not the end of the world. They could also, though, steal whatever personal data your profile holds.

The much bigger issue is that the wider the password circle gets, the more risk you personally take on that your password will become compromised. And given how often people reuse passwords across multiple sites and services, that means your exposure could extend far beyond Netflix.

Bookmarked Changes to LastPass Free – The LastPass Blog (The LastPass Blog)

We’re making changes to how Free users access LastPass across device types. LastPass offers access across two device types – computers (including all browsers running on desktops and laptops) or mobile devices (including mobile phones, smart watches, and tablets). Starting March 16th, 2021, LastPass Free will only include access on unlimited devices of one type.

LastPass recently made the decision to limit their free subscription to one device type. As Mark Vandevelde suggests, this basically forces people to pay:

Experts say it is hard to know whether the new limitations on the free version of LastPass will encourage more paying users to sign up.
“Without the ability to sync, there’s very few users who will really be able to use [LastPass],” said Joseph Bonneau, a cryptography researcher and computer security expert at New York University. “They’re making the free version so difficult to use that most people will be forced to pay or use another solution.”

I was also interested in Chris Smith’s discussion of trackers.

The Register points out that LastPass rivals 1Password and KeePass do not have any trackers. Bitwarden has two trackers, and Dashlane has four.

I decided to use this as an opportunity to reassess. If I am going to pay then I feel I would rather pay for 1Password.

Bookmarked How to Generate a List of Passwords in Google Sheets (InfoInspired)

You can use my formula to easily generate a list of passwords in Google Sheets. The passwords will be a mix of alphanumerics and special characters.

Prashanth Kv breaks down the process for creating a strong password in Google Sheets. He works through each step, such as random letters, upper and lower case, and special characters, in building up the formula.

=ArrayFormula(vlookup(mid(A2,2,1),Sheet2!$A$2:$B$27,2,0)&JOIN("",char(if(ISEVEN(code(split(REGEXREPLACE(LOWER(A2),"(.{1})", "$1,"),","))),code(split(REGEXREPLACE(LOWER(A2),"(.{1})", "$1,"),","))-32,code(split(REGEXREPLACE(LOWER(A2),"(.{1})", "$1,"),",")))))&vlookup(right(A2,1),Sheet2!$A$2:$B$27,2,0)&right(text(B2,"mmm"),1)&mid(text(B2,"yyy"),2,3)&day(B2))

Alternatively, Zak Kolar created an add-on for Google Sheets that generates passwords in a similar style to DinoPass.

This could be useful when creating or managing accounts and passwords in bulk.

Bookmarked We Didn’t Encrypt Your Password, We Hashed It. Here’s What That Means: by Troy Hunt (troyhunt.com)

A password hash is a representation of your password that can’t be reversed, but the original password may still be determined if someone hashes it again and gets the same result.

Troy Hunt discusses the difference between encryption and hashing when it comes to passwords.
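
The point in Hunt’s quote, that a hash can’t be reversed but a guess can be confirmed by hashing it again, is easy to see in code. The following is an added example written for this note, not code from Hunt’s post: it shows an unsalted SHA-256 digest being matched by re-hashing a short, constructed list of guesses, and then the same check done against a per-user salted, iterated hash (PBKDF2, chosen here as an illustration of a slow salted scheme) where two users with the same password no longer share a digest.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample data: a handful of candidate passwords that someone
# holding a leaked digest might re-hash and compare against it.
CONSTRUCTED_GUESSES = ["password", "letmein", "correct horse", "qwerty"]


def naive_hash(password: str) -> str:
    """Unsalted SHA-256: irreversible, but the same input always gives
    the same digest, which is exactly what lets a guess be confirmed."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def recover_by_rehashing(leaked_digest: str, guesses) -> Optional[str]:
    """Hash each guess and report the one whose digest equals the leak.
    Nothing is 'decrypted'; the original is found only if it is guessed."""
    for guess in guesses:
        if hmac.compare_digest(naive_hash(guess), leaked_digest):
            return guess
    return None


def make_salted_hash(password: str, iterations: int = 200_000) -> dict:
    """Store a random per-user salt alongside a slow, iterated digest.
    PBKDF2-HMAC-SHA256 is used here as a stand-in for any slow salted KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return {"salt": salt.hex(), "iterations": iterations, "digest": digest.hex()}


def verify_salted(record: dict, candidate: str) -> bool:
    """Re-derive the digest with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        candidate.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(digest.hex(), record["digest"])


if __name__ == "__main__":
    leaked = naive_hash("correct horse")
    print("unsalted leak matched by guess:", recover_by_rehashing(leaked, CONSTRUCTED_GUESSES))

    alice = make_salted_hash("correct horse")
    bob = make_salted_hash("correct horse")
    print("same password, different stored digests:", alice["digest"] != bob["digest"])
    print("alice verifies:", verify_salted(alice, "correct horse"))
    print("wrong password rejected:", verify_salted(alice, "Correct horse"))
```

The salted version still verifies a correct password the same way, by hashing the candidate again; what changes is that each stored digest has to be attacked on its own and each attempt costs many iterations, so a single precomputed table of digests no longer helps.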

Bookmarked Digital Spring Cleaning by Aaron Parecki (aaronparecki.com)

While these can seem like overwhelming tasks if you have to do them all at once, remember it’s never too late to start, and you can always make slow incremental progress too!

Add new accounts you create to a password manager, and slowly add your existing accounts as you log in to them. Unsubscribe from email newsletters as they arrive in your inbox. While Digital Spring Cleaning is a good chance to tick off a lot of the boxes at once, it’s worth it to set up these practices so that you can maintain them going forward!

By making a little progress over a long time, you’ll avoid ending up needing to spend a full day or two cleaning up a mess at the end of the year.

Aaron Parecki provides a run-down of some digital spring cleaning that we should all consider. This includes:

  • Backing up data
  • Organising your files
  • Digitizing documents
  • Cleaning up your inbox
  • Deleting unused apps from your phone
  • Reviewing your passwords and authentication

This is a useful resource alongside Chris Betcher’s elaboration on passwords and authentication and Ian O’Byrne’s series exploring digital hygiene.

Liked Something you know, Something you have by Chris Betcher (chrisbetcher.com)

The something you know is the password, and yes it’s still a good idea to have a strong password, something with enough length and complexity that is hard to guess but easy to remember. But it’s not enough. It’s just one factor.

The second factor is something you have, or something you physically carry with you, such as a phone or touch key. Unless the hacker or foreign power actually has your phone, they can’t access your data, even if they know your password. Just like the two keys for the front door, they need both your password AND your phone at the same time. If they have both those things, you may just have bigger problems to deal with.

Replied to Have You Done Your Digital Spring Cleaning? – EdTechTeam (EdTechTeam)

Neglecting your infrastructure can have adverse effects. Here are several practical ways to tidy up our digital lives from Chris Craft.

I think that being deliberate about some of these habits is often the biggest challenge. Ian O’Byrne has a series on digital hygiene to support this process.

Replied to Three steps to develop a system to take control of your passwords by Ian O’Byrne (W. Ian O’Byrne)

There are several things we need to assume as we work with digital tools.

You will be hacked
You may have already been hacked and don’t know it
You will have to change your passwords quickly when you are hacked
You will most likely have to change passwords often
One of the first steps in discussing privacy and security in online spaces usually involves your passwords. The challenge is that far too many of us have a…

Ian, I was recently caught up in a civil debate about password management. The question was why I did not simply store my passwords in Google. I said that it was my choice not to, but then got caught out not really having a reason why I did not store them within the browser.

I was wondering where that sat with your discussion of passwords and ‘security’. I raised the concern that storing passwords in Google was a lot of eggs to put in the one basket, but then isn’t that what happens with LastPass etc…

I am sure I am missing something here, just thought I would ask.