Determined Hackers can always find ways past security devices (even Yubikeys) but the more difficult you make it for Hackers the better as they will just move on to the people with no secure passwords!

Its a bit like having a big heavy front door with 5 locks to deter burglars ........... Its easier for the burglar to move on to a house with a window left open!

In my case I doubt it be would too difficult to discover.  However, you are best to avoid answering such a question with the actual answer.  The computer you are trying to access cares not the least what answer you provide only that the answer matches information you have previously provided.  So to a memorable question such as your mother's maiden name don't answer "Jones"  but choose something that only you would know such as CVRT657F.  The bad guys who try to break in may know or discover your Mother's maiden name (applying for a copy of your birth certificate is trivial) but they won't know "CVRT657F"

The great advantage of Lastpass is that you only need one secure password.  Have one strong password and the bad guys to get into you Lastpass vault need to know both your log in  and password.  If you want to make it stronger you can add a hardware device like the Yubikey. Now the bad guy needs you log on ID, your password and your Yubikey.  The bad guy will hopefully move onto to other targets where folks have used passwords such as "password".

For details of the Yubikey see here http://lastpass.com/support_screencasts.php and select Yubikey

How many people know your mother's maiden name, I wonder?

My own favourite is Nick Strobel's remarkable website at www.astronomynotes.com  which is a complete education in itself

Hi All

There is an email going around saying Mars at close approach will appear as big as our moon on Aug 27th! This is an old hoax which originated a few years ago when Mars was at close approach (2003 I think)
Even at its closest approach Mars will still be a pin prick of redish light.

Follow the link below to read the facts about the Mars encounters
http://science.nasa.gov/science-news/science-at-nasa/2005/07jul_marshoax/

JamesT

Hi Simon
I spent some time generating new secure passwords with 'LastPass' yesterday and now all my sites are now in the LastPass Vault. Like all new software it takes a little while to feel at home with its use but I am now comfortable with it. Changing old passwords and using LastPass to generate new secure ones is a nice feature!
I have used master passwords with Linux before but LastPass is by far the most useful and user friendly utility I have used. I now mainly run Windows 7 with only the odd excursion into Linux but LastPass can be used on most operating systems.

For those tempted to install LastPass I would say give it a go!

Rgds Jim

What sold it to me was that it had a glowing endorsement from Steve Gibson and I listened to his broadcast and thought this is just what I need.  I can now have passwords like wK9H6k4L80Vg and not worry that I have to remember them.  As you say it will hoover up passwords that you have used in browsers and auto populate Lastpass.  That saves having to re-enter them.  You can also use it to audit your passwords and check you are not using the same password across sites.

Good idea! I have installed it to try it out.
I found that when as part of the set-up importing existing user IDs and passwords all sorts of data is found for sites long forgotten or incorrect password tries. Must be cookies!
After deleting these I found LastPass very good!

I will continue using it for a while and if still impressed I will set up other family members laptops!

Nice one Simon 
Jim

This is a post that does not directly relate to Astronomy but it may affect your enjoyment if you have lax security.  One thing I have had a look at recently is Internet security.   It is amazing home many sites I now visit that require a logon and like most of us I have had the problem of trying to remember the password.  If you use the password "fred", which is surprisingly popular, for all the websites you visit it is not very secure.  Also if a bad guy finds out that you visit www.petmydog.com and use a password called "fred" then the bad guy might guess that when you access you bank, your email, facebook, twitter or whatever you use the same password.  I am probably preaching to the converted but you need strong passwords and should not duplicate that password in other sites.  Then you hit the problem of how to remember them.  

Paris Hilton's email account was hacked because she used her dog's name as a way of resetting her password.  When you choose a question such as your mother's maiden name do not answer it with her true name but choose something that no one else can guess or discover. 

So what should use as a password.  Short passwords are weak.  I have come across a single character used as  password such as “a”.  Very weak.  If you use lower case characters you have 26 at your disposal.  Include upper case and you have another 26.  Include digits and the total rises to 62 characters.  A one character password has 62 possibilities but again very weak.  It would not take long to try all 62 possibilities.  Two characters raise the number of possibilities to 3844.  Still not high enough. Aim for 10 characters and you have 62^10 possibilities which is 839299365868340224.  A brute force attack is pretty much impossible now.

Another no-no is dictionary words.  Any password that can be found in a dictionary such as a word or name is at risk of being cracked by trying all the words in the dictionary.  So avoid these.

We have now reached a problem.  If you have a different password for all the sites your visit and use strong passwords then how do you remember them.  It is a difficult task and the main reason that many people choose one or two passwords that they use across many sites.  This is a problem that I have pondered for some time.

The solution I think is Lastpass  (www.lastpass.com).   Lastpass lets you have a different password for each site and it will insert the logon details for you.  All you need to remember is one master password and that gives access to your Lastpass vault that contains all your sites.  This program  is free to use (unless you also want to use it as an app on your phone when it is $1/month).  I have played with it now for a couple of months and I cannot fault it.  There is a very good programme about it here > http://www.twit.tv/sn256 where Steve Gibson a security guru discusses it at length.  If you want to read a transcript of the program then you can find it here http://www.grc.com/sn/sn-256.txt.  The discussion about Lastpass starts about halfway through.

Any comments then do post here.

Its a shame but I guess Google realised it was not good enough to make money! I tried it but unless you have a specific use which worked (like in your case) it did not do enough to replace email in my book!!
Advertising revenue is key to Google and the effort to make it work was not worth their investment I suppose?

I look forward to the next big step change in communication technology but I have not seen anything yet ?

JamesT