Quicken Security Theater

Quicken Password Confirmation

I don’t understand this one. The reason many (most) sites require you to confirm your password is to ensure you typed it correctly when creating your password, otherwise a typo would prevent you from logging back in correctly later. We’ve all “fat fingered” a password before. That simple confirmation step prevents it on creation. How does entering my password twice when logging in provide any additional security? If the password is compromised, the extra field does nothing.

I presume the reason is to make Quicken look/feel more secure than it really is.

I should note that I like Quicken. I like it enough that even though the native Mac version is so disappointing on paper that I never purchased it, I did I purchased the Windows version and continue to use it there. I think that demonstrates my not hating Quicken. It does however have its quirks that just make me wonder what they were thinking.

Firefox Tip: Master Password

Love the password manager? Previously I provided a tip for haters. Here’s one for the lovers. Use a master password, this allows you to use one password to provide security, but without needing to remember all those others you have. To set one go into the
“Tools” menu and select “Options” and click on the “Security” tab. Now check where it says “Use a master password”. You’ll be prompted to create one. It will even show you how good your password is.

If you need help generating a good secure password, check out SafePasswd.com.

20,000 Passwords Analyzed

An interesting perspective on 20,000 Passwords. As noted in the comments, the data collection skews the results a bit, since most people who fall for phishing scams aren’t knowledgeable enough to know a good password form a bad password.

But it’s possible to generate a safe password with ease even if your not a technically inclined ;-).