Yes, a hard password means it's difficult to brute force the authentication or crack a password hash you've stolen. But if you just use unique passwords for each service you use, it multiplies the work required to crack all the accounts.
The biggest risk to your accounts and your data is simply having everything in one basket. The other biggest risk is saving passwords, but nobody wants to memorize a bunch of difficult passwords. So it's actually easier to have a whole bunch of kinda similar easy-to-remember passwords, so you don't have to save them.
See, if you use Windows, chances are you've had some malware before. And if you've had malware, everything you type, everything you've seen or stored, including live browsing sessions, is controlled by somebody else. So it doesn't really matter what your password is or how many you have if somebody's on your PC extracting your password database.
But nobody wants to think about that. So they craft themselves a false sense of security, using password generators and copying files to the ends of the earth. Truth is, if someone wanted to, they could probably ruin your day. The only safe backup is an offline backup, and the only safe password is one that's never saved anywhere.
Sure there's the "all eggs in one basket" problem with my 1Password database, but it's got a strong (~25 char) pass phrase, and even then there's a class of passwords I store only in my head: my 3 banking passwords, my pgp key pass phrase, my root passwords, and my DNS registrar passwords.
One thing I think people often overlook is that your DNS registrar access credentials trump your email's two factor auth - if I can change your MX records, nothing you've done to secure your email account matters - I'll just get everyone to send your password reset requests to a mail server under my control…
And to take that even one step further, one of the onsite versions that we do is to a fireproof drive. (Other versions are physically offsite as you mentioned).
Anyway, on the onsite version the fireproof drive is physically disconnected (USB) from the computer after the backup is complete. (It could be powered off, but that would mean spinning it up and down; it seems less detrimental not to do that.)
But it gets even better. There is also a hidden safe that contains hard drives only (which are encrypted). The safe is left unlocked (it's not physically attached and could be hauled away). In the unlocked safe, in addition to the hard drives, is some money (cash). The theory being that if someone breaks in and easily opens the safe (if they find it), they will take the money and leave the drives alone.
(This dates back to the same practice being done with cash registers: you leave a little money so the thief doesn't trash your place. I know this will raise questions as far as having a tempting cash stash, but it is known by only a select group of people, and there are pros and cons to any approach, obviously.)
It's not likely both your live copy and offline, off-site, backup will be wasted at the same time. One is 'safe'. Two is redundant.
# 1..pop prints exactly as many characters as the numeric argument (0..pop would print one extra)
perl -le'print map { (a..z,a..z,0..9,"\$","!","-")[rand 65] } 1..pop' 7
Note this particular one only generates 7 digits with no UC. You can alter it to your taste or needs.
You can also wrap it in a shell script to generate a bunch in a row (in this case 10), like this:
for i in {1..10}   # bash brace expansion; use $(seq 1 10) on a plain POSIX sh
do
    # 1..pop prints exactly 20 characters per line (0..pop would print 21)
    perl -le'print map { (a..z,a..z,0..9,"\$","!","-")[rand 65] } 1..pop' 20
done
As an aside I don't like any web based site that generates passwords (nor do you need that as just shown) since there is no way to know if the passwords generated are being logged along with some identifying information.
$ pwgen -1
enieQu3C
$ pwgen -1y
fa]m\e8O
$ pwgen -1sy 12
D[=,*j=65%
pwgen by default outputs a screenful of possible passwords. This is useful if two people are looking at the screen. The -1 flag limits the output to a single password.
If I was generating initial passwords for someone's email account, for example, I would probably also leave out digits and letters that are easily confused, like 0 and O, and l and 1, and some other things. That isn't a best practice either, but it might be appropriate for other reasons.
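As an added example (not code from either commenter above, nor from pwgen), here is a Python equivalent of the two generators discussed: it draws from the OS CSPRNG via the secrets module, optionally drops the confusable characters just mentioned (0/O and 1/l/I; the exact set is this example's assumption), and reports the entropy of what it produced. It also makes visible something the perl one-liner hides: listing a..z twice in its 65-entry pool makes each lowercase letter twice as likely as any digit or symbol, so its per-character entropy is slightly below a uniform draw over the same 39 distinct characters. The symbol set "$!-" is taken from the one-liner.

```python
import math
import secrets
import string
from collections import Counter

# Assumed confusable set: 0/O and 1/l/I are the pairs named in the comment
# above; the exact list is this example's choice, not pwgen's.
CONFUSABLE = set("0O1lI")

# The same pool the perl one-liner indexes with rand 65: a..z appears twice,
# so it has 65 entries but only 39 distinct characters.
PERL_LIKE_POOL = string.ascii_lowercase * 2 + string.digits + "$!-"


def build_alphabet(lower=True, upper=True, digits=True, symbols="$!-",
                   drop_confusable=True):
    """Return a string of distinct characters to draw from.

    Each character appears once, so secrets.choice() gives every character
    the same probability regardless of how many classes list it.
    """
    pool = ""
    if lower:
        pool += string.ascii_lowercase
    if upper:
        pool += string.ascii_uppercase
    if digits:
        pool += string.digits
    pool += symbols
    if drop_confusable:
        pool = "".join(c for c in pool if c not in CONFUSABLE)
    # dict.fromkeys() removes duplicates while keeping insertion order
    return "".join(dict.fromkeys(pool))


def generate(length, alphabet):
    """Generate one password of exactly `length` characters from `alphabet`."""
    if length < 1:
        raise ValueError("length must be at least 1")
    if len(set(alphabet)) < 2:
        raise ValueError("alphabet needs at least two distinct characters")
    # secrets.choice() uses the OS CSPRNG; random.choice() is not suitable here
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_batch(count, length, alphabet):
    """Equivalent of the shell loop above: `count` passwords of `length` chars."""
    return [generate(length, alphabet) for _ in range(count)]


def entropy_bits(length, alphabet):
    """Entropy of a uniform draw: length * log2(number of distinct characters)."""
    return length * math.log2(len(set(alphabet)))


def per_char_entropy(pool):
    """Shannon entropy in bits of one draw from `pool`, duplicates included.

    For PERL_LIKE_POOL this is below log2(39) because a..z is listed twice.
    """
    counts = Counter(pool)
    n = len(pool)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


if __name__ == "__main__":
    alpha = build_alphabet()
    for pw in generate_batch(3, 20, alpha):
        print(pw, f"({entropy_bits(20, alpha):.1f} bits)")
    print(f"perl pool: {per_char_entropy(PERL_LIKE_POOL):.3f} bits/char, "
          f"uniform over the same 39 chars: {math.log2(39):.3f} bits/char")
```

Dropping five confusable characters from the 65-character full set costs about 0.12 bits per character (log2(65) versus log2(60)), so a password one character longer more than makes up for it; the bias in the perl pool costs less than that, but it is a good illustration of why a generator should index a de-duplicated alphabet.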
Yes "use different passwords" and "use a password manager" are good general advice. But this blog post expressly uses a specific case - the Honan hack - as a case study, without highlighting the one major lesson from that case.
The actual problem most strongly highlighted by the Honan case is that your Gmail account is only as strong as the "backup email address" it is tied to. Honan's problem has nothing to do with using the same password -- he /had/ different passwords which you know if you read his post carefully. Problem is, his iCloud email was his Gmail backup email, and Gmail apparently allows arbitrary persons to instantly take over an account as long as they control the backup email. No waiting period, no warning email to the Gmail account, no SMS notification. Yes this can be fixed with two-factor auth (apparently) but by default that is off and by default Google badgers you about setting up a backup email address until you do so. By default Google does not badger you about two-factor auth.
The other big issue highlighted by the Honan case is that it is way too easy for bad guys to wipe your Apple devices. In retrospect, it really seems like there should be more between having your laptop, phone, and tablet wiped than a single password. At the very least, a security question, but ideally something like a credit card number (compared against a stored hash), confirmation SMS to a pre-registered backup phone (spouse's phone, friend's phone, relative's phone, etc) or a confirmation robo-call to a work phone number.
If you think about it, it's a little insane that you can protect your Gmail with two-factor auth but you can't protect your laptop the same way.
Maybe a password manager would have encouraged Honan to use a stronger iCloud password, and maybe a stronger iCloud password would have prevented this attack, but that's not established because we don't know how the attack was pulled off. It was a seven char alphanumeric password and the attacker specifically told Honan it was not a brute force attack.
That depends a lot on what kind of threats you're trying to protect yourself against. I suspect there are a lot of people for whom the correct response to a misplaced phone/laptop is "remote wipe immediately - if it turns up in the back seat of my car I'll just restore from backup - if it was left in a plane/taxi/competitor's office/deacon I want everything on it wiped _right now_!"
I bet if pg lost a laptop with emails/documents about current and prospective YC deals or exits, he'd rather not have to wait till an office-hours robo-call gave him a remote-wipe PIN.
It didn't work out for @mat, but I think "good backups and easy remote wipe" is a better default than "making remote wipe harder just in case your backups don't exist."
The problem is using only one cloud service for your data.
Basically, don't put all your eggs in one basket. I always recommend replicating all your data and files to another cloud service which has different security characteristics. For example, if you use Google Docs and Evernote, replicate everything to a separate Dropbox or Google Drive account (using cloudHQ or some other system). Doing an offline backup manually is also a solution, but it is easier just to replicate everything to a separate Dropbox account, and Dropbox will put everything on your PC - you can map that Dropbox account to an external drive.