I call this Password Playdate because I've been planning on doing this for my girlfriends, get a bunch of girlfriends over and teach them how to use a password manager. So the idea was to make it fun, see, look, Password Playdate, that's going to be exciting. But when you hear the word password, what do you think? It's hard, terrible. So we're going to try to get a little bit past that. That's my idea anyway.

Let's do a show of hands here. How many people here are already using a password manager? All right? Almost everybody. How many of you know you really should be, but you just haven't quite been able to get yourself to do it? How many there? We've got a few. And how many of you think this is the dumbest idea you're never ever going to do it? All right. I've got a few answers there. One of the main reasons I wanted to ask that question was because if most of the people had said they weren't using password managers, then this would be a slightly different talk. What I want you to think about from the charts I'm going to show is how to convince your friends and family. So that'd be another question. How many of you are trying to convince other people to use password managers? All right.

All of my slides are on Creative Commons, so I can put these up on SlideShare and you guys can steal them, do whatever you want with them, as long as you give me credit for the idea, I guess. Well, not the whole idea, but part of it.

So my ambitious plan for today is why do strong passwords matter? And I'm going to give you a real high-level version of how password hacking works. If you actually know how password hacking works, please don't correct me, because it's high level. I understand that. Shut up, Dave. And then I'm going to give you a real-life story of how I got hacked in the first place, and I'm going to show you a video of an octogenarian talking about how much 1Password helps him. And I think that I'm going to help you guys convince other people.
And then kind of some advice on how to get people started the easy way.

My first slide I wanted to start with here was how many of you guys had a notebook just like this with your passwords in it? You'll notice one of them says fish. Yes, I had a four-character password, not the fish that Dave likes. But I got a trick here that right there you can see it says Nicole. At one point it was N1-COLE, because I was like all over the crazy good password. Look at me go, girl. Right? You remember those days.

So one of the things I like to talk to people about is you're never going to have a perfect password system. There's going to be something that's going to go wrong, right? We can't say if you do this it will be impenetrable. You will never, ever, ever get hacked. That's not going to happen. But there's a, I don't know, parable I guess you call it where two guys are out in the jungle and they start to get chased by a tiger. And the one guy stops and he puts on tennis shoes. And the other guy says, what are you doing? You're not going to outrun the tiger. And he says, I don't have to outrun the tiger. I only have to outrun you. So the idea of this going to a password manager is not that you're going to reach this level of perfection where you can never be hacked, but you're going to stop being the low-hanging fruit. You're not the person who's going to get hacked first. You may get hacked eventually, but you're not going to be the easy target.

So I wanted to talk a little bit about what happened to me. Gawker Media was a site that got hacked and I had created an account there just to make a comment, probably to tell them they were wrong about something, but I'd gotten this account and I used the same password on my Skype account. Now, at this time I actually already had 1Password, or actually at the time I was using LastPass.
And it was working great for me and I was setting all my accounts up, but I looked at Skype and I said, I don't care about my Skype password. It doesn't matter because only like 10 people knew my Skype name. What's a big deal? If somebody got into it, I'd just change my Skype name. I don't care about it. So I didn't change my password. But it was the same password that was on Gawker Media. And what I forgot about was that I had set up Skype to auto load from PayPal. So I went to the gym, came back and had lost $200 in the time I was at the gym. Now, luckily I just happened to catch it right after it happened. And the good part of the story, by the way, is PayPal paid me the money back. Even though it wasn't their fault, they gave me the money back. I got ahold of them right away and they stopped the account and they changed it. And at that point, I realized you can't just put your real passwords in. You have to put your junk stuff in, too, because you forget what's connected. By the way, I'm pretty sure the password N1-C-O-L-E. That's what it was at the time.

So let me take a turn here and try to explain. And I've been working on how to make this as simple as possible without losing all of the depth, but to talk about how passwords get hacked. And again, this is a part where, is this slide for Dave? Am I wrong yet?

So if you look at the top passwords in the world, monkey is always on the list. For some reason, we like monkey, right? By the way, that's a picture of my brother with a product he was selling. It was a spirulina bottle and there's actually a monkey ran over to him and stuck his hand into the bottle. So that was real.

So, okay, let's say you're using the password monkey. You're going to go to this junk site, you know, pajamas.com. And your username is bobsyouruncle at mac.com and you're going to put in your password monkey, right? Because that's a great password. You love that password. The way encryption works is you start with the password monkey.
We're going to shove it through this encryption algorithm that is known. And out of the bottom of that is going to come this encrypted version of the password. So I've just kind of made some jumbly letters here. That is not a real transcription of it. The most important thing to remember about the way encryption works is that it's only one way. You can't take this password and shove it back through any algorithm we have and have it figure out that it's monkey. So if you can't and if the companies that own you have your passwords encrypted properly, then how would they ever be able to get to this answer? By the way, I'm not going to talk about password salting. If anybody wants to get into that, that's a whole nother opera. We're just talking about one pass through encryption.

So now the hackers go in and they hack somebody, they hack Gawker Media and they get this pile of encrypted passwords. They don't have the unencrypted passwords. So you can see here, the one I had on my other chart was monkey turned into this thing that ends with comma 89. So they got this big pile of encrypted passwords and one of them is monkey. But they don't know that that's monkey. They have no way of knowing that, except.

They build these things called rainbow tables or dictionary files and what they do is they take all of the words that we commonly use for passwords, they put them all into a dictionary and then they run them all through the same encryption algorithm. So this encryption algorithm is known. They know how to make it go this way. So they take all of the words and they take all of the combinations of the words of the times where we say, oh, I'm going to take the I and turn it into a one or I'm going to take this O and turn it into a zero. They know about that.
So they have these dictionary files and huge files and they're commonly available on the internet and you shove them through the encryption algorithm and what comes out the other side is the encrypted versions of those. So now that they have this encrypted dictionary, they can now look backwards and say, oh, wait a minute, that thing that comes back is comma 89. That's the word monkey. So now they know that this thing with comma 89 ends in monkey. They can now start using bobsyouruncle or they can start using that. Sorry, jumped ahead of the slide there. They can start using bobsyouruncle at mac.com and shove it into all of these sites and see if it works. So at this point, they basically own all of your money even though it was your password that you had over on Gawker Media that started it.

Did that make sense? It's the first time I've run through that with a live audience. I've been working on that for a while to try to get it simple where it's not too hard to follow.

So now that you understand why they're important, and by the way, if it was a long complex password, it wouldn't be in that dictionary table. That's an important point, right? So if you've got a 15 character password with upper and lowercase and numbers and punctuation and a goat in the middle of it, you're not gonna get hacked because it's not gonna be in that dictionary table. But the problem is you can't remember those passwords. You can't remember a lot of them and you can't remember the complicated ones either.

So let's talk a little bit about LastPass and 1Password. So these are the front runners. There are others. I haven't studied either of them. I have used both of these. I really like them both. I have no complaints with either one. I had a weird problem that LastPass was never able to fix where it wouldn't log me out after a little while. It's supposed to log you out like after 15 minutes and it just wouldn't.
And so they must have worked with me for three or four months trying to fix it and they couldn't fix it. So I said, I'm sorry, I have to go. So I went over to 1Password. But I did get great support. They have a great service.

So let me just pop these in. They weren't really supposed to be animated, but the big thing to look at the difference between the two in my opinion and I asked for opinions on this online before I put this together. LastPass is definitely less expensive and I'll talk about the exact pricing. It's less expensive. 1Password I find to be more user friendly, but LastPass has made a lot of advances since I left the fold with them. I used to think it looked real janky, looked kind of open-sourced, if you know what I mean. But now they've come a long ways. They've got pretty beautiful icons and pretty buttons and everything looks a lot better and they've got an iPhone app and iPad apps. So that isn't as much of a difference between the two.

LastPass is cross-platform with a capital C and a capital P. It really is cross-platform. From the people I've talked to who've tried to use 1Password on Android and Windows, eh, okay, it's cross-platform, but it's kind of janky. So if somebody is truly a cross-platform user, you might want to push them towards LastPass.

LastPass's encryption scheme is known. It has been studied. Steve Gibson was given the source code. I don't mean the encryption. The whole scheme they used to protect your data is known. He was able to look at the source code and vet it. So we know what's going on inside it. LastPass is their own algorithm, what they've done. And so nobody knows what that is, but they haven't had any problems with it.

LastPass has got team and enterprise plans and 1Password has family plans and team plans. So if you've got a group of people you want to take care of, they both have good offerings in that.

You might hear people say that, well, LastPass got hacked. They did get hacked.
And guess what? Nobody lost their data. Nobody lost any data. So it's the kind of thing where they're a target and you would expect them to be a target because this is the crown jewels, right? This is everything. If they could get into that, that'd be awesome. And they were able to get to the databases, but they were not able to crack into anybody's passwords. So in a way, I think that was, you know, that's almost even better news, right? Is you know, even if they get hacked, they can't get into it. Or haven't yet, it's always gonna be the same.

One thing that's a difference for me is LastPass requires a separate authentication app if you want to do two factor authentication. LastPass has it built in. And from my perspective, when I looked at that, I thought, okay, well, that's better. 1Password's better than LastPass in that respect. But somebody I mentioned that to online said, well, it also means more of the eggs are in the same basket. Maybe it makes sense to have a separate authenticator app. So make your own decision on that. Oh, does anybody want to argue with me about that? Because I was, I was, whoops. I was curious if anybody had opinions that differed on that of-

LastPass does use like Google Authenticator.

LastPass does use Google Authenticator. So you can use theirs or you can use the other ones, yeah. So I think you could probably use a different one with 1Password as well, right?

You can, yeah.

So yeah, they do have an offering, but it is a standalone separate offering, yeah.

What do you mean by native two-factor?

What do you mean by native two-factor? The, within 1Password, if you set up two-factor authentication, like I have it for my Amazon account, it's got a username field, it's got a password field, and then you can use, believe it or not, barcodes are like a QR code scanner inside 1Password to scan an authenticator code and it stores the authentication inside that same entry for Amazon, for example.
So you get, you log in with 1Password and then there's a, it'll say, okay, give me your two-factor, you go back into 1Password and there'll be a six-digit code that you copy. And you can see it expires after a little time. You see a little thing going around saying, oh, this one's turning red, it's about to expire, okay, get the next one.

So they basically are generating the passcode that you would normally get from both?

They're generating the passcode, correct, correct, that will speak, I'm not a real, you know, expert on two-factor authentication, but that's how I understand it works, yeah. Yeah, a question?

Can either one of those software platforms give you a password that meets the requirements of the site when they say, I want to use the password.

Yeah, let me repeat the question. He's asking, do either of these allow you to create a password that meets the requirements of the site? Not that I know of, because sites usually don't tell you what that is, right? Most of them, you do it and they go, well, nope, that was, what was it? Somebody was telling me, oh, Corky was telling me, he got a password question on, it was one of the security questions, asking, where were you born? And he typed in Gary and they said, no, it has to be five characters or more. Well, but I was born in Gary. And I said, well, that's because you're supposed to be lying on your security questions. But yeah, no, I don't know of any that'll do that, that'll respond to, it all has to do with what's revealed to the password manager, that the password manager has to be able to read that from the website, and I don't think websites reveal that information to them. Any other questions on that?

Does LastPass only allows you to store unbought logs?

Does LastPass have cloud support? LastPass only allows you to store it on LastPass's servers, and 1Password is in a lot of heat now, they're pushing everybody towards their subscription model, which is only on their servers.
So if you have the standalone version that you're storing in Dropbox now, if you were to go into it today, it's very, very difficult to get that version, it's where you can store it anywhere you want.

Yes, there is a lot of local, limited site.

According to what I read on AgileBits' site, it said, you have to email us and ask us for the link to go get the download. So that's harder than, yes, it's an offering. I mean, it feels like they're really skidding out the door on that. They're really pushing you to use their cloud service, which is gonna be a subscription service.

We do have plans for local storage.

We do have plans?

They do.

They do? For local storage?

For local storage.

Okay. Mr. Chaffin says they do have plans for local storage in the next version, but that doesn't necessarily mean it would be a standalone license. It might be a subscription license, but it has local storage.

For local storage.

Is that someone from 1Password answer? Or from AgileBits? Okay, I'm gonna repeat you for the microphones. You said, you do push people towards...

We push new users towards our service.

We push new people towards the service.

It's a much simpler setup.

Simpler setup.

Yeah, existing users can have...

Existing users can continue to use their licenses the way they have been. Yeah, I mean, anybody who's gone through the Dropbox dance, trying to reset it up with a new computer and do sharing, I would agree that that's probably easier. I haven't converted yet, but I'm feeling tempted. So, love 1Password, buddy.

You can have any questions.

All right. Great. Okay, 1Password guy is waving. Oh, what's your name, sir?

Dan Peterson, Lead Designer.

Dan Peterson, Lead Designer. Ooh. So, anybody who is watching this later and didn't come to MacStock, that's the kind of person you get to chat with when you're here. I'm feeling you're gonna be busy the rest of the day. All right, big, big fan. All right, so you're the one who should tell me if I'm lying. Now I'm really nervous.
I gotta be right. Is this right? So, it's $2.99 per month for all of your devices. And when I say all your devices, I mean, it's your Macs, your PCs, your, well, I'm sorry, your Macs and your iPhones and all your devices. And you can do $4.99 a month for a family of four, a family of five, sorry. And I don't use that myself, but I've watched Don McAllister's fine ScreenCasts Online videos where he showed how if you're the family owner, you can actually manage the other people's accounts. So if you have less technically savvy people or you have children that you wanna be able to manage their account and they come to you and they go, oh, I forgot my 1Password. You can actually reset it for them. So it's kind of a cool setup. I think that's a really slick idea. That kind of makes me wanna do it except Steve's technically savvy. So he'd probably be mad if I keep resetting his password for him. 1Password is available at agilebits.com.

And LastPass has got an interesting business model. They have one device category is free. So the first time you set up the LastPass, if you set it up on an iPad, then it's available to all of your tablets but you can't use it on your phone or your desktop. If you start on your desktop, you get it for free on all of your desktops but you can't use it on your phone or your tablet. So it's kind of a neat way that you can really dig in, get started. Let's say you do it all on your Mac and you get it all working and then you go, man, I really want that available on my phone. Okay, I'm gonna start paying him. And the price is $12 a year. So it isn't much money. It's a really good deal. So if you're super price conscious, I think LastPass is a good choice, too. Sorry. This is weird having somebody here. It makes it a challenge. So that's available at LastPass.com.

All right, you're still thinking, it's too hard, I don't want to, this sounds hard, it's gonna be annoying. Well, it is hard. It is hard to set it up and get started.
But I'll show you some easy ways to do it. But the important thing to remember is that when you get to the other side, it's nirvana over there. Because I mean, I'm not making this up. You might think that podfeet.com, my website is important to me. I do not know the password to podfeet.com. Couldn't tell you what it is. No idea. I don't know the password to log into my web services code to my web hosting company. I don't know. Because if I knew it, it would be stupid and it would be easy to crack. So me being in charge of it is a bad idea. So I don't know what my most important passwords are. I actually know what some of the sillier ones are, which is weird.

All right, I wanna show you a little video here. See if, hopefully this will work. This is embedded. I'm not counting on the web for this presentation. Steve's father is 80 years old and he converted over to 1Password. And this is a testimonial he did on my show to explain how awesome it is for him. Well, please tell me there's audio coming out of this Mac. There is, okay. Let's hope so. And I don't know. Do I click here or do I click to make it go?

Ken, welcome to the podcast.

Yes. Well, thank you. Appreciate your honoring me.

I wanted you to talk a little bit about what your life was like before having 1Password, a password manager to take care of your passwords. And then after that we'll kind of talk about how it changed after you got 1Password.

Oh, it was terrible before I got it. But it's much improved, yes, because of the 1Password and there's several reasons.

So what was difficult for you before?

Well, there's two or three things I should point out. I had a neck surgery about two years ago and as a result of the fusion in my neck, it resulted in neuropathy in all my fingers, both hands. And so I only have about 50% feeling in fingers, both hands. So when I type now, it's very slow and it's hunt and peck.
When you have complicated passwords which we're supposed to have, it just makes it all the more difficult to put in passwords all the time.

Did you have a ton of passwords you use every day?

No, I have maybe 30 total passwords which is low I'm sure compared to most techies, but there are three that I do use frequently and I use them a lot more because of 1Password. Those three are my two bank passwords, the two separate banks, and mutual fund password for all my financial transactions and those are very critical and I never used to check those regularly every day but now I do because it's so quick and so easy to skip from one to the other once you're into 1Password instead of putting some passwords in. I used to check them once every week or two. Now I check them every day.

So I know you've been really good about understanding security and how important it is to have long complex passwords. So you were already good at that except it was hard to put in because as I recall you had it on a piece of paper and you had to read it and type these things in, correct?

Yeah, I had to go get it from my handy place and then look at the password, because I could never remember these complicated passwords, 30 of them, so I have to do that every time and now I don't, so that's a big asset right there.

So what was it like being converted over? How did you get used to it?

The initial setup was what was difficult for Steve because he did it and it's rather intricate in some respects because I wasn't used to it. So I basically just watched Steve set up 1Password without doing it myself. I gave him the information, but Steve did it and so for anyone new at it, that's the only hard part.

Do you right click to enter the passwords? Is that what you do?

You don't have to do that anymore because the passwords and the ID code's already in there. So basically it's a two-click job now.

Wow, that's fantastic.
So I don't want to put complete words in your mouth but I'm going to, would you say that you feel like you're able to be more secure now because you've got those good passwords and you don't have to remember them?

Well, yes, yes, because when you have a lot of passwords floating around, you have to keep track of them somewhere and you have to look at them frequently.

Well, this has been great. That was pretty much all I wanted to ask you about and I appreciate you coming on and doing a little testimonial for everybody to hear what it's like to use a password manager.

Yeah, so long thank you for letting me be the star of the show for...

I love Steve's dad, he is my hero. So I really think that illustrates the happiness on the other side. That's what I wanted to get across to people and also if people are trying to take care of elderly relatives like Granny out in the parking lot there or friends and maybe they can look at a video like this and say, well, wait a minute, he's like me. He's got problems with his fingers, he's gonna complain about his health and stuff and this is gonna be something I can do. So I thought that was really helpful, I really enjoyed that and I love that 1Password you got to see that, actually it's got to see that too.

So I promised that I would talk a little bit about how to get going and how to get over this hump. And the biggest thing I try to tell people is to go really slowly, start out slow and just get a password manager. So pick one by whatever means you're gonna do. Pick your password manager and then install the browser plugins. And once the browser plugins are installed, all you have to do is start going to websites and logging in. And when you go log in, you're gonna go to facebook.com, you type in your username and password and your password manager's gonna go say, hey, would you like me to remember that for you? And you say, why, yes I would. And let it just start storing.
So don't do anything but that for say a couple of weeks. Just let it keep compiling your passwords as you start going into them. And then after that, you're gonna start doing something a little more interesting.

In both LastPass and in 1Password, there are utilities that will allow you to see how good or how bad your passwords are. I like the way LastPass does it. It's kind of gamified. They give you a score. My score was really, really, really bad. Let me just tell you. I forget what the scale is. Is it to 1,000? I think it was like in the 200s. Every site had the same password. They were too short. They weren't complicated enough. And I found it, I was really embarrassed, but it gave me some goals to reach to try to up my game.

When you look over in 1Password, they have a thing to show you your weak passwords, duplicate passwords, and then a couple of other interesting aspects like, well, you haven't changed this one in three years, what are the chances they haven't been attacked? Probably. But they also do have a feature called Watchtower. And I really like that one because that one will light up and tell you, hey, you know these sites you go to, they had a hack. You probably want to change your password. And that's really handy.

But as you're going through these, you're going to want to start looking at the ones that are these weak passwords and start thinking about how you're going to improve them. But one of the problems is it's so easy to get overwhelmed with this problem. So what I want people to do is just start doing a couple a day. Don't sit down and say, I'm going to change all of my passwords today. It's like saying, I'm going to wash my car. I'm going to wax my car. I'm going to tire black. I'm going to factor. I'm going to do the windows. You're never ever ever going to sit down and do that again. That's never going to happen if you try to do it all at once. So instead, go in and just do a couple a day. Just fix some of them.
Start fixing some of them. And set a schedule, say if you can, get a couple done a day. And my buddy Bart Busschots always says, he says, protect the crown jewels first. What is the most important thing to you? Let's say it's your money. Go over to bankofamerica.com and get a great big giant long password that you're never going to have to know and get that changed and put it into your password manager.

But probably something more important, believe it or not, than your money is your email password. Because your email password is basically the ticket to everything because if somebody hacks your email password, they can get your password reset on all these other sites. So they know my email address is allison at podfeet.com. If they get into that account, they can go to bankofamerica.com and say, hey, reset this password for me and it's going to get that password reset will get sent to my email, which they're already in. So believe it or not, put your email, it's the number one thing that you protect.

But then you want to think about stuff like your photos are really important to you, whether you're, I don't know if anybody still uses Flickr, but Flickr's out there, wherever you're keeping things you care about, that's what you really want to protect first. Then work your way down to the other ones. And once you get the rhythm of it, once you get the really important ones done, you're really going to feel better about it and be able to keep moving and get them all done.

So I wanted to show you a site that might help you with this. One of the things you have to do is pick a single, long, giant password with, like I said, with numbers, letters and punctuation and a goat in it. You've really got to have one long one. For your LastPass or your 1Password, that one that you're ever going to use again, you need to make sure that one's good and long. So there was an XKCD cartoon that talked about how to make a good password. And I think it was horse battery staple.
I forget what the fourth word was. But Bart Busschots took that idea from XKCD and did the math to create a website where you can create long, scary passwords. And at the risk of terrifying myself with the internet gods, we are actually going to look at this site. Let me go over here for a second. I preloaded it in case everything went horribly wrong.

So this is not a site where Bart is ever going to know your passwords. That isn't going to happen. It isn't possible because you're never going to tell him any information. You're only going to get information from this site. So the idea is that he's got some presets up at the top that you can choose from, and you can change the parameters of how the passwords get created. But let's just take with whatever the defaults are. Down at the bottom here, after you choose a preset, you tap this button that says Generate Three Passwords.

And apparently, Chuck didn't know you don't need a third party app to zoom in, because it's already built into OS X. It's under accessibility, by the way. I'm just saying. Come on, it's been like a half an hour since I made fun of Chuck. You've got to give me that one.

So you can see here that this is a big, long, scary password. But if you look at it, it says Give Oslo Bin. Now, the trick of this is these are easy to type words. They're short. They're memorable. And yet, they're not something a human would ever put together. Nobody would put those three words together. Chief agreed about death, battle, gas. Those are all really easy to remember. And you can see in between each word, he's got a separator character, he's got digits on either end, and he's got special characters on either end. So you look at that, and you say, none of those just really, they just didn't come to me. That didn't make me, none of those made me think I could remember that forever. So you simply hit Generate Three Passwords again. And it's going to give you three new ones. That's any luck? There you go.
So it just ran again. And you keep doing this until you find one that looks like, hey, that's one I could remember. That one made me laugh. That's the way I choose them.

Now, Bart might be a little bit crazy here on how many characters he thinks we're actually going to type. So you've got other options. Like, sometimes you were asking about how many characters the website would allow you to use. You can do Web 16 or Web 32. If I hit Web 16, for example, all the presets have changed. I'm going to generate three passwords again. And now they're a lot shorter. And maybe that's something you'd be better able to put in. I think this one doesn't look like it has numbers. So it's got symbols. It's got uppercase, lowercase. And this is still a fairly high secure password. Down here, you see where it says entropy? It's got green boxes around it that says that's enough. That's enough chaos in those passwords that that's not going to be guessable within any length of time.

If you want to really have fun with this, you can go in and you can change these parameters. So he's got how many words do you want? Like, if we start with the default, you can see he's got three words, minimum length four, maximum length eight. You're going to be typing for the rest of your life if he chooses default. So I usually dumb it down a little bit from that, as long as I'm still getting green down at the bottom. And he's got things like, do you want to transform word case? Or maybe you'd like alternating word case. I'm not going to go through every one of these in the interest of time. But it gives you a lot of different options of how you want to create this password.

So when you're done, you're going to have a great password to put into your 1Password or your LastPass. And this is the only one you have to remember. You might want to use this to generate your Apple ID, because how many times do you still have to type your Apple ID all the freaking time, right?
So you might want to make a memorable but incredibly secure password for your Apple ID, which of course is often your email password as well. You might want to use xkpasswd.net. Any questions on this? This is the coolest site. I keep this up all the time. Yeah? I'm just curious, because I have three articles for using 1Password, and three words as opposed to, I guess, to involve online and gibberish or whatever. Is one better than the other? Let me try to paraphrase this for the audience. The question is whether it's better to use three words or should it be a jumble of characters. There's a lot of different things that go into it. And actually, Bart did a great lecture on my podcast where he talked about the math behind this and what actually matters. And what he was able to explain to me was that one of the most important things is long. And the other thing that matters is that there'd be different types of characters. So think about if you had a password that was only one character. So it's going to be lowercase alpha letters, right? So it can be A through Z. That's all it can be. That's only 26 different options. If you make it capital and lowercase, now it's 52 options. Now if you throw numbers in 0 through 10, now you've added 10 more. And as you keep adding different types of characters, it gets harder. So if you add in letters, upper and lowercase letters, numbers, special characters, any special character, you've all of a sudden made it hard. But if it's too short, a computer can generate and go through and solve it. So you want it long with one of everything. So you don't have to use seven symbols, three letters, and four numbers. There's no secret formula there. You just have to use all of the options. What I'm wondering goes, when I first saw the thing of using three words with hyphens, is there any advantage to that? Oh, yes. Is there an advantage to using three words? Yes, because you can remember it. These are passwords you're going to have to remember. 
Yeah, the password? Yeah, that's rough. It's Frank Petrie. OK, you got that one. So yeah, this has to do with any passwords you actually do have to remember. And you do have to remember your 1Password or your LastPass, that one you have to remember. And Apple makes you type your Apple ID password all the time. So these are the ones you're going to have to type. I also use it for our password for our network. I've got a long, complex password, but it's got three words, six special characters, and four numbers in it. So you can look at it. You can read it out loud to somebody, not x, lowercase, j, uppercase, i, 7, q. It's something you can read out loud to somebody. So I use it for that, as long as you're going to, if you ever need to send it to anybody. Yeah? I'm sure I did something in here. But through showing screens with all kinds of garbage and separators and words, how do you get three words to generate all of this stuff? OK. So how do you remember those three words? Don't you have to send a lot of other garbage stuff in there, too? OK. This might look like garbage, but it might just be the font. This actually, I don't know how to paraphrase that question, but he's just asking about the formatting of these words. That says, suit part full. And it's got a dollar symbol at the front and the back, and it's got two stars in between. Well, should I have to remember all of them? You have to remember the dollars? Yes, you do. You do still have to remember the special characters. I tend to set it up where it's symmetrical. So whatever I do at one end, I do it the other end so that I don't have to remember two things. You can also choose in his algorithm whether to have the padding symbols be the same as the padding digits. Do you want the separators all to be the same? If you really hate yourself, you can make all the separators different, so it's a dash and then a dot and an underscore. I don't do that because I don't hate myself that much. 
But as you play with the tool, I think you'll kind of get in the rhythm of it. So the last thing you do is you copy one of these passwords or you write it down with a pencil. And that's part of what I'm saying is Bart isn't going to know your password. He doesn't know what you're doing with this password. So there's no input from you on this website. It's all you pulling information from it. So I want to make sure nobody thinks Bart now knows my Gmail password because I use this tool. Yeah. What is that, URL? What is the URL again? It's xkpasswd.net. So it's sort of like a play on XKCD. It starts with XK. It's an open source project, by the way, that he's got out on GitHub. Yeah, Leon. So one thing I want to bring up, as we might do for yourself, to answer the W's question, you did do a podcast with Bart when he first rolled it out and he went through a full detail of the recipe, the repeated characters, and how to make it simple but complex. It is one of your podcasts that you guys did next to each other's video. So you might want to reference that. OK. That's the search one. OK, so Leon is suggesting I do more to publicize that article that he did. Bart writes up amazing show notes on his website. If you go to BartB.ie, you can get to this tool and you can also probably do a search there to find the notes he wrote. So if you'd like to read all of the math that he did and the walkthrough that he did on my show, that's there. And the audio lives over on my show. So I can make that available to Mike maybe for the future for people to take a look at. But it's really, really interesting. He's a computer scientist, physicist, guy, and he's really smart. So it's pretty fun. All right. I have three minutes. What's that? We're all thinking about that. Oh, yeah. I know that's your password on television. Let me repeat this back because I forget everything you say so the audience can hear it. 
He's pointing out that if you lose your master password, they can't ever tell you what it is. It is not possible. They don't have that password. And for security reasons, we cannot reset that master password and anything like that. So yeah. Can't reset it. When you create a master password, we recommend writing it down and putting it in your safe. Wait. Is that my next slide? I should mention I just took a job with 1Password. So what he was just saying is exactly correct. Make sure you give the key to somebody else. Many of the podcasters here were good friends with a good friend of ours, Tim Verpoorten, passed away and had not given any information to his wife of where all of his passwords were. And it was a disaster. Companies lost their websites. They lost their domains because he had them and they didn't know the passwords. What Steve and I have chosen to do is give each other our master passwords. And we have actually given it to our children as well because we actually trust our children. But if you don't trust your children in the rotten, maybe you've got a friend. Maybe you want to put it in a safe deposit box. I've heard people say, print it out on a piece of paper and cut it in half and give it to two people. And I'm thinking, yeah, but if you don't trust those two people, can't they just get together and, you know. Yeah, yeah, find a divorced couple. I like it, I like it. It's just, this is a happy place to go, but there's a little bit of a hill to get over. And when you get there, it's absolute nirvana. And I couldn't miss a chance to plug all of my podcasts. Taming the Terminal and Programming by Stealth are both super geeky, tight, propeller beanie shows that I do with Bart. And then we've got Chit Chat Across the Pond Lite, which is an interview show I do every other week. And every single week since 2005, the NosillaCast Mac Podcast. Oh, Dave Hamilton has a question on this chart. I have a question. 
It's probably going to fill this all for a little while. 244, I've got one minute. You mentioned LastPass and 1Password. Is there a reason that in the password manager list did not include iCloud Keychain? Is there a reason you didn't include iCloud Keychain? Yes. Thank you very much.