If Hillary only new of this. Lol
 
http://betterlifeadvocate.com/everykey/8/index.html?voluumdata=BASE64dmlkLi4wMDAwMDAwNi0wZDI4LTQ5NGEtODAwMC0wMDAwMDAwMDAwMDBfX3ZwaWQuLjU5ZmE5ODAwLWE3NTYtMTFlNi04NmI5LWMzYTU1MWYxZmU3Ml9fY2FpZC4uNGExYjdiNDEtNTg1Yy00NzYzLWFlMzktNjQ3YzZhOTNkNTczX19ydC4uUl9fbG
 
 
 

Two obvious problems.
 
It automatically logs you into the websites when you're nearby. When you walk away, it automatically logs you out.
 
But here's the thing, the Everykey device itself doesn't store your passwords. They're safely stored in an encrypted format on an Everykey secure server.
 
You should never be able to log onto a secure site without being consciously aware that you are doing so, and you should never have to trust someone else to secure your passwords. You should definitely have strongly encrypted impossible to remember passwords under your personal control at all times, but you can do that better with an ordinary thumb drive and a portable version of a password encryptor like KeePass with a strong master passphrase. 
 
This would not have helped Hillary much if her email was being sent in the clear over the internet to a server that was connected to the internet and open to attack. If all of the email transmitted was encrypted source to secure account on a secure server, then a strong password to log into that system might help in the course of the message, but if the server is compromised then reading email might be possible regardless.

I would never use something like this. I use a USA thumb drive for my passwords. I don't keep any passwords or ID's  on my PC. I was only joking about Hillary.

It's definitely getting harder as passwords get more and more "secure!"
 
"Here's your new auto-generated password.  Please memorize it and don't write it down anywhere!"
 
F*(*)(&Ghjo39784js09)(*&DJ)#(UOJFOjg=&f$,.-_+_20u)(*#Y(hF(yoihogiho439joirftged9745

craigb
It's definitely getting harder as passwords get more and more "secure!"
 
"Here's your new auto-generated password.  Please memorize it and don't write it down anywhere!"
 
F*(*)(&Ghjo39784js09)(*&DJ)#(UOJFOjg=&f$,.-_+_20u)(*#Y(hF(yoihogiho439joirftged9745

And every 28 days the server will issue you a new password.....

On the one hand Mrs TLW works for a UK government department that does pretty much that. Which means everyone keeps a note of their current password. Though to be fair it's a situation where the important thing is outsiders can't get in, not that staff might log in as each other once in an age and they use a lot of mobile technology. Which suggests to me that a once-and-for-all password might be the sensible answer to their problem, but what do I know.

On the other hand in one local government department I once worked in allowed users to choose their one password and didn't enforce changes at all. There was a near panic in senior management when it turned out that one in three of the four hundred staff with mainframe access in that department all used the same password. The nickname of the local football team. And most of those staff did handle financial data with a risk of internal fraud.

The answer was to compile a list of "not acceptable, use something else" passwords and an instruction to change your password if you thought someone else might know it.

craigb
It's definitely getting harder as passwords get more and more "secure!"
 
"Here's your new auto-generated password.  Please memorize it and don't write it down anywhere!"
 
F*(*)(&Ghjo39784js09)(*&DJ)#(UOJFOjg=&f$,.-_+_20u)(*#Y(hF(yoihogiho439joirftged9745

Ok I got it memorized

Mosvalve

craigb
It's definitely getting harder as passwords get more and more "secure!"
 
"Here's your new auto-generated password.  Please memorize it and don't write it down anywhere!"
 
F*(*)(&Ghjo39784js09)(*&DJ)#(UOJFOjg=&f$,.-_+_20u)(*#Y(hF(yoihogiho439joirftged9745

Ok I got it memorized

"Your password will be reset tomorrow."

With what I do I have access to a LOT of passwords used by our clients and most are, regrettably, but expectedly, very very simple (I've seen "Password1" more than a few times).
 
I think a more practical approach is the new double authentication type.  Yes, it requires the person to remember two things, but one is usually a four-digit PIN.  For the other I like a longer, but easy to remember, short sentences with some of the regular letters substituted (like "P!zz@L0ver").  Add that with a PIN and you should be pretty secure.
 

There is a respectable school of thought in security that frequent password changes actually diminish the security of the system, for reasons alluded to by others in this thread. It is actually not commonly effective to direct an attack in which millions of possible passwords are attempted at logon, and it can be made virtually useless by blocking the account after a few unsuccessful attempts. Replacing a memorized password at frequent intervals results in the natural human response of keeping a written copy of the new password handy, and thus available to anyone with even limited physical access to the site like the cleaning staff, let alone a compromised co-worker. It also results in a lot of lost password requests, which are a pretty effective method of attack. Most robots that respond to a lost password are ludicrously insecure, often just sending a reset to the registered email or in response to a "security question" the answer to which is in the public record. Human system managers are also likely to suffer from security fatigue if they are constantly bombarded with requests and are not immune from social engineering attacks under the guise of lost passwords, which are the most routinely effective attacks in most organizations. And the embarrassment involved in forgetting your password may cause you to share it with a buddy, who you can text from a remote location to look it up on your desk blotter and send it to you. A strong passphrase, more easily remembered than a complex password that is not frequently changed probably provides more security than a constantly changing short password. 
 
https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethink-mandatory-password-changes
 

slartabartfast
There is a respectable school of thought in security that frequent password changes actually diminish the security of the system, for reasons alluded to by others in this thread. It is actually not commonly effective to direct an attack in which millions of possible passwords are attempted at logon, and it can be made virtually useless by blocking the account after a few unsuccessful attempts. Replacing a memorized password at frequent intervals results in the natural human response of keeping a written copy of the new password handy, and thus available to anyone with even limited physical access to the site like the cleaning staff, let alone a compromised co-worker. It also results in a lot of lost password requests, which are a pretty effective method of attack. Most robots that respond to a lost password are ludicrously insecure, often just sending a reset to the registered email or in response to a "security question" the answer to which is in the public record. Human system managers are also likely to suffer from security fatigue if they are constantly bombarded with requests and are not immune from social engineering attacks under the guise of lost passwords, which are the most routinely effective attacks in most organizations. And the embarrassment involved in forgetting your password may cause you to share it with a buddy, who you can text from a remote location to look it up on your desk blotter and send it to you. A strong passphrase, more easily remembered than a complex password that is not frequently changed probably provides more security than a constantly changing short password. 
 
https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethink-mandatory-password-changes
 

 
Unfortunately, in the information (at least at this stage) one has to assume that all communications are unsecure.  It's a peculiar type of morality that imposes itself:  someone's always watching!