The message behind this e-book is definitely important -- that you should have a unique and complex
password for each website you use, and that you need some way to accomplish that. But the
particular method Devin recommends is not the most secure itself.

There are two general
ways a hacker can get your password. One is to guess it, either themselves or with the aid of
computers. This is why your passwords should never use real words (including obvious substitutions
for their letters) or obvious years or dates, and why your passwords should be long and complex.
Devin's system mostly takes care of this, although there are even some vulnerabilities here.
The problem is in the second way a hacker can get your password, which is if one of the websites
you use stores the password as plain text and it's stolen. In that case, Devin's method makes it
possible for the hacker to guess your passwords for other sites. This would require the hacker to
have a special interest in you and particular sites you use (like your bank or your email), but it's
nevertheless possible.

This isn't a complete criticism of the e-book, since the only way to
remember many passwords is to have some sort of system that ties them together, and having a system
that produces unique, complex passwords is a million times better than using the same simple
password everywhere. But the reason why you shouldn't use the same password everywhere is because
one of your websites could be compromised. In that case, Devin's system would slow down a hacker
but probably not stop one who is interested in you personally.

The best way to prevent
password theft is to use 2-factor authentication on sites that offer it, and to use a trusted
password vault or single sign-on system for those that don't.