Passwords on backups

Stop Lengthening your Passwords. It’s futile:

You can increase the number of characters in your password all you want; some guy is just going to … crack it next week.

The solution is multifactor authentication. But then what about backups?

Encrypting files with a password that’s long enough NOW doesn’t prevent them from being decrypted off a backup LATER, when the password isn’t long enough any more.

You have to re-encrypt your backups whenever your old password ages out. No way. The only solution is to not make backups of encrypted things. But that’s also not practical.

So then the only option is to not have long-lived secrets: assume not that everything is public now, including things like your passwords, but that everything will be public soon enough.

Leave a Reply

Your email address will not be published. Required fields are marked *