Smashing Security podcast: Passwords

Three security industry veterans, chatting about computer security and online privacy.

It was Internet Safety Day on Tuesday, and Vanja Svajcer, Carole Theriault and I decided that was as good an excuse as any to record a special “splinter” episode of the “Smashing Security” podcast, taking a close look at the thorny topic of passwords.

'Passwords - a Smashing Security splinter'


Hope you enjoy the show, and tell us what you think! You can follow the Smashing Security team on Bluesky.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky and Mastodon, or drop him an email.

2 comments on “Smashing Security podcast: Passwords”

  1. Bob

    For people who decide to use a password manager it's worth noting that you can use the software to generate a strong, unique, random password. The podcast wasn't entirely clear in this regard. So not only does a password manager store passwords but it creates them too. As long as you remember the master password (for your password manager) you don't need to worry about creating future passwords yourself.

    Google and Microsoft offer a new way to log in without a password. It's secure and convenient:

    https://support.google.com/accounts/answer/6361026?hl=en

    https://play.google.com/store/apps/details?id=com.azure.authenticator&hl=en_GB
    https://itunes.apple.com/gb/app/microsoft-authenticator/id983156458?mt=8

    Nowadays I recommend a cloud password manager because they work on multiple devices: phones, tablets, computers etc. LastPass is one such service which is cloud-based and it's free.

    https://www.lastpass.com/

    1Password is another cloud password manager, although there are currently some problems with their service leaking metadata (on older versions… they call it a "feature") and on the most recent version, if you use it to store sensitive documents, you can find you lose access to them because of their decision to use the Windows Encrypting File System. There was also another (now fixed) vulnerability found by researcher Tavis Ormandy of Google. You've got to pay for 1Password, although on the plus side it's a very nice design and looks good on a Mac.

    For people who prefer offline password managers (which I don't recommend anymore because people want to access their up-to-date passwords on multiple devices/platforms) then the two best are KeePass and Password Safe. Both are free, open source and highly recommended amongst the security community.

    http://keepass.info/
    https://pwsafe.org/

    1. Jan-Willem Aikens · in reply to Bob

      I thought that was made exactly clear. Great podcast. Thanks!
