CBS Chick: You're an idiot. Everything you said is fine with me though, not because it's right, but because I want those
dumb naive enough to listen to your advice to figure it out the hard way.
Leo Laporte: Not bad, a little to know-it-all. The advice you give is sound but you are just catering to a crowd that already should know this, stop kissing ass.
iLikeTobacco: For the most part, you have no idea what you're talking about. You're at least right sometimes, probably by accident.
Lastpass is perfectly fine.
Do I recommend it? No.
Is it safe to use? Mostly.
What does Mostly mean? It means its pretty safe, but nothing is impenetrable.
Is that safe enough? Yes, probably.
So what is safe? A Physical factor of identification.
Huh? Two-factor Authentication.
Huh?? Google is your friend.
Should I use it? If you can, probably don't need to.
How can I trust you? You can't, if you could you're already doing security wrong.
so, what is a good password? Anything greater than 12 characters with a random variation of capital letters, symbols, numbers in an ambiguous arrangement. For example: Peps1.pickelgAr@ge (Spell a word wrong for bonus points)
Why Words? Easier for you to remember, but still difficult to crack
Why not just do what XKCD said to do? Because crackers already know to string words together, if you're going to use this system then adding just 1 random variation will incredibly strength the result. (like spelling a word wrong, or using a symbol)
That's still too hard to remember, is there an easier way? Yes, have a weaker password.
Website X won't let me enter a 12 character password, why? Because their database administrator / web developer is an idiot. You're going to have to remove some characters and email them about being stupid.