Passwords, Backups and a false sense of security

31 points by eliaskg, almost 13 years ago

7 comments

peterwwillis, almost 13 years ago

Generating hard passwords is actually kind of pointless.

Yes, a hard password means it's difficult to brute force the authentication or crack a password hash you've stolen. But if you just use unique passwords for each service you use, it multiplies the work required to crack all the accounts.

The biggest risk to your accounts and your data is simply having everything in one basket. The other biggest risk is saving passwords, but nobody wants to memorize a bunch of difficult passwords. So it's actually easier to have a whole bunch of kinda similar easy-to-remember passwords, so you don't have to save them.

See, if you use Windows, chances are you've had some malware before. And if you've had malware, everything you type, everything you've seen or stored, including live browsing sessions, is controlled by somebody else. So it doesn't really matter what your password is or how many you have if somebody's on your PC extracting your password database.

But nobody wants to think about that. So they craft themselves a false sense of security, using password generators and copying files to the ends of the earth. Truth is, if someone wanted to, they could probably ruin your day. The only safe backup is an offline backup, and the only safe password is one that's never saved anywhere.
larrys, almost 13 years ago

Instead of the program suggested in the OP, on the command line you can also do this to generate random passwords:

    # prints one password of as many characters as the trailing argument (here 7)
    perl -le'print map { (a..z,a..z,0..9,"\$","!","-")[rand 65] } 1..pop' 7

Note this particular one only generates 7 digits with no UC. You can alter it to your taste or needs.

You can also wrap it in a shell script to generate a bunch in a row (in this case 10), like this:

    # prints 10 passwords of 20 characters each, one per line
    for i in {1..10}
    do
        perl -le'print map { (a..z,a..z,0..9,"\$","!","-")[rand 65] } 1..pop' 20
    done

As an aside I don't like any web based site that generates passwords (nor do you need that as just shown) since there is no way to know if the passwords generated are being logged along with some identifying information.
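The one-liner above draws from Perl's rand(), which is a general-purpose PRNG rather than a cryptographic one, and it lists a..z twice, which skews the distribution toward letters. The following is an added example, not code from the thread: it generates from the same alphabet with an OS-backed CSPRNG and works out how many bits of entropy a 7- or 20-character password from each alphabet actually carries.

```python
import math
import secrets
import string

# Alphabet from the thread's Perl one-liner: a-z, 0-9, "$", "!", "-".
# The one-liner lists a..z twice; here each symbol appears once so that
# every character is equally likely.
ALPHABET = string.ascii_lowercase + string.digits + "$!-"


def gen_password(length: int, alphabet: str = ALPHABET) -> str:
    """Pick `length` symbols with secrets.choice (OS-backed CSPRNG).
    Perl's rand() is seeded and generated by a non-cryptographic PRNG,
    so its output is predictable in ways a secret must not be."""
    if length < 1:
        raise ValueError("length must be >= 1")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, weights: dict) -> float:
    """Shannon entropy of `length` independent draws from an alphabet
    whose relative symbol weights are given (they need not sum to 1)."""
    total = sum(weights.values())
    per_char = -sum(w / total * math.log2(w / total) for w in weights.values())
    return length * per_char


def perl_weights() -> dict:
    """Weights of the one-liner's 65-entry list: each letter appears twice."""
    w = {c: 2 for c in string.ascii_lowercase}
    w.update({c: 1 for c in string.digits + "$!-"})
    return w


def uniform_weights(alphabet: str = ALPHABET) -> dict:
    """Weights for the de-duplicated alphabet: every symbol once."""
    return {c: 1 for c in alphabet}


if __name__ == "__main__":
    for n in (7, 20):
        print(n, gen_password(n),
              f"uniform={entropy_bits(n, uniform_weights()):.1f} bits",
              f"perl-list={entropy_bits(n, perl_weights()):.1f} bits")
```

A 7-character password from this 39-symbol alphabet is about 37 bits even with a perfect generator, which is well within offline cracking range for a stolen hash; the 20-character variant is about 106 bits.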
Tichy, almost 13 years ago

What about the password manager of Firefox? It seems to be better at remembering passwords from signup, so the only missing ingredient seems to be generating a random password upon signup.
larrys, almost 13 years ago

You might also want to try "Super Duper" which allows you to clone an entire Mac disk very easily. You can then test the backup by booting from the disk. It's also helpful when installing a new OS. Clone your existing disk, install the new OS on the clone (or on the original, knowing you have an exact clone if anything goes wrong).
mapgrep, almost 13 years ago

I'm a little disappointed how this article and many of the comments here ignore the specifics of what actually happened.

Yes, "use different passwords" and "use a password manager" are good general advice. But this blog post expressly uses a specific case, the Honan hack, as a case study, without highlighting the one major lesson from that case.

The actual problem most strongly highlighted by the Honan case is that your Gmail account is only as strong as the "backup email address" it is tied to. Honan's problem has nothing to do with using the same password; he had different passwords, which you know if you read his post carefully. The problem is, his iCloud email was his Gmail backup email, and Gmail apparently allows arbitrary persons to instantly take over an account as long as they control the backup email. No waiting period, no warning email to the Gmail account, no SMS notification. Yes, this can be fixed with two-factor auth (apparently), but by default that is off, and by default Google badgers you about setting up a backup email address until you do so. By default Google does not badger you about two-factor auth.

The other big issue highlighted by the Honan case is that it is way too easy for bad guys to wipe your Apple devices. In retrospect, it really seems like there should be more between having your laptop, phone, and tablet wiped than a single password. At the very least, a security question, but ideally something like a credit card number (compared against a stored hash), a confirmation SMS to a pre-registered backup phone (spouse's phone, friend's phone, relative's phone, etc.) or a confirmation robo-call to a work phone number.

If you think about it, it's a little insane that you can protect your Gmail with two-factor auth but you can't protect your laptop the same way.

Maybe a password manager would have encouraged Honan to use a stronger iCloud password, and maybe a stronger iCloud password would have prevented this attack, but that's not established because we don't know how the attack was pulled off. It was a seven char alphanumeric password and the attacker specifically told Honan it was not a brute force attack.
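The point made above, that an account is only as strong as the recovery address it is tied to, is easiest to see by writing the recovery relationships down as a graph and asking what a single compromised account reaches. This is an added example, not part of the thread; the account names are constructed labels modelled on the Honan case as the comment describes it (iCloud as the Gmail backup address, iCloud able to wipe the Apple devices), and the "other_accounts" node is an assumption standing for services that reset via Gmail.

```python
# Constructed model: an edge A -> B means "control of A is enough to reset
# or act on B" (backup-email reset, remote wipe). Labels are illustrative.
RECOVERY_EDGES = {
    "icloud": ["gmail", "apple_devices"],  # Gmail backup address; remote wipe
    "gmail": ["other_accounts"],           # assumed: services that reset via Gmail
    "other_accounts": [],
    "apple_devices": [],
}


def blast_radius(start, edges, second_factor=frozenset()):
    """Every account reachable from a compromise of `start`.
    Accounts in `second_factor` need more than control of their reset
    address to take over, so the chain stops before them."""
    reached, stack = set(), [start]
    while stack:
        node = stack.pop()
        for nxt in edges.get(node, []):
            if nxt in second_factor or nxt in reached:
                continue
            reached.add(nxt)
            stack.append(nxt)
    return reached


def ranked_by_reach(edges, second_factor=frozenset()):
    """Accounts ordered by how much a compromise of each one exposes;
    the top entries are where a second factor buys the most."""
    return sorted(edges, key=lambda a: -len(blast_radius(a, edges, second_factor)))


if __name__ == "__main__":
    print("no 2FA:  ", sorted(blast_radius("icloud", RECOVERY_EDGES)))
    print("gmail 2FA:", sorted(blast_radius("icloud", RECOVERY_EDGES, {"gmail"})))
    print("ranked:  ", ranked_by_reach(RECOVERY_EDGES))
```

Turning on a second factor for Gmail cuts the chain at Gmail but, as the comment notes, does nothing for the device wipe, which still hangs off the single iCloud password.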
sdizdar, almost 13 years ago

I don't think generating more complex passwords will completely solve the problem.

The problem is using only one cloud service for your data.

Basically, don't put all your eggs in one basket. I always recommend replicating all your data and files to another cloud service which has different security characteristics. For example, if you use Google Docs and Evernote, replicate everything to a separate Dropbox or Google Drive account (using cloudHQ or some other system). Doing offline backup manually is also a solution, but it is easier just to replicate everything to a separate Dropbox account, and Dropbox will put everything on your PC; you can map that Dropbox account to an external drive.
sxcurry, almost 13 years ago

A second on Super Duper. I do this at least once a month to have a completely cloned system on an external USB drive. Equally important: take the USB drive off site! I plan to buy a 1TB drive every six months so that I can take a complete clone to my cabin, just in case of a disastrous fire at my house. That's in addition to Time Machine, Dropbox, etc.