View Diary: How to AVOID writing passwords (154 comments)

  •  I would NEVER store my passwords in "the cloud" (0+ / 0-)

    As you point out, large companies like LinkedIn (who one would assume to have some sort of security auditing in place) still manage to mess up crap like they did.

    Do you really trust the maker of a password manager to properly encrypt, store, and exchange your passwords?

    Do you really trust them not to pull a massive fail and have their ENTIRE customer database compromised? It's bad enough when that happens with one password, it's far worse if it happens to ALL of your passwords.

    And with LastPass, it's closed-source and unauditable. At least the open-source suggestions are auditable. (Although that's less of an issue if it's just storing passwords locally, I'd say.) So I have no way to know just what they're doing in there.

    I'd recommend any of the open-source password managers. I've heard good things about 1Password too, but I would only trust its local storage functionality, not its cloud options.

    Is this a problem if you want to sync passwords across devices? Sure, but using the cloud to solve this problem doesn't seem like a very good idea.

    (Of course, remember to back up, keep a copy of that encrypted backup, or at least the most important stuff like passwords, on a USB key elsewhere or whatever, etc, etc.)

    •  Pick what you're willing to risk. (0+ / 0-)

      I could easily write up a text document or Excel sheet or something with passwords, drop it into a TrueCrypt container, and sync it with Dropbox or SpiderOak. It would be objectively safer than using LastPass. But LP provides conveniences I value and encourages me to be secure consistently, 100% of the time. I value that, and I'm educated enough as a software engineer to be generally content with LastPass' implementation. It's extremely safe IF they've done the job in the way they describe.

      Your criticisms are valid, and I weighed the risks and made my choice. But I also provided four options for password databases, several of them built ENTIRELY on local files with no cloud or remote services. It's calculated risk balanced against desired convenience.

      •  Isn't there something to the joke (1+ / 0-)
        Recommended by:
        llywrch

        About the two guys on the savanna? You know, the lion starts chasing them and one guy stops to put on running shoes. The one says, "You fool, you can't outrun that lion!" The other says, "I don't have to, I just have to outrun you."

        Presumably there are enough easy identities to crack that being a harder one makes you safer.

        Courtesy Kos. Trying to call on the better angels of our nature.

        by Mindful Nature on Fri Jul 13, 2012 at 07:07:07 PM PDT
