Talk to me about password managers, given the USPSA hack

[ummm]

I've used Keepass for years and really like it

but be aware of issues...

http://www.zdnet.com/citadel-malware-attacking-open-source-password-managers-7000036028/

look at the 2 factor authentication

The article does not link to an issue with any password manager, but rather says, "If your computer is already completely screwed, here's yet another problem you could have"

If someone is running key logging software on your system, you are already done. If someone has such access to your system, you are already done. Concern for what might happen with a password manager running on top of a completely pooched system is sort of like shopping for locks once the thief is already inside the house.

It's a testament to how secure some password managers are that they still have a way which would defeat this particular attack vector, even on a system which is totally compromised.

hi Ummm,

semantics is a fun game. I play with meanings a lot.

I have a logic puzzle for you...

which is better for security?

knowing you are 'safe'

or

looking for better securities?

if insanity is left aside,

all crime is a risk vs profit evaluation.

So cracking a secure system is not a question of 'impossible'

it is more of a question of 'why try...'

BTW, "because it is there" is about where insanity starts....

miranda

Actually wasn't trying to play with meanings, just wanted clarification so I could follow along.

But endless journeys cannot conclude, so you have your answer and the financial markets are not germane to this discussion

Your evaluation of crime ignores the most common causes, and "Why not" is not necessarily insanity nor an evaluation, might just be curiosity or boredom.

[Miranda]

oh, well... ummm.

ok not semantics.... just a clarification...

which is symantics...

AAAAAACK!

my method is to write passwords and only the PW on a post-it-notes

and they are lightly encoded... so the post-it is not enough to get the pw.

stick them in a notebook.

[Dranoel]

Pick a phrase that you can remember easily and involves some numbers but is totally unrelated to anything you do on the internet. Use the first letter of each word and the numbers.

Example: My 3 kids have watched Star Wars 17 times this year. = M3khwST17tty

I don't trust password managers. The manager can be hacked and then they have ALL your passwords.

I don't understand how this would help. If you have 10 accounts that need a password, it appears to me that what you are suggesting, all 10 accounts would have the same password then.

I thought the point was to have unique passwords for each account.

I also do not trust password managers. It is only amount of time, before the password managers will become the next victim.

I didn't mean it as one password for all but the simply the best way to make a password you can remember.

Though Personally I try to keep the passwords I use to a minimum. Most things like my e-mail accounts and forum logins use the same password. My Paypal and bank accounts all have different passwords.

[Dranoel]

The manager can be hacked and then they have ALL your passwords.

Back up this claim, please, or do you mean "can be" as in "cannot be proven to be impossible" ?

Anything can be hacked.

[ummm]

The manager can be hacked and then they have ALL your passwords.

Back up this claim, please, or do you mean "can be" as in "cannot be proven to be impossible" ?

Anything can be hacked.

Gotcha; that's what I thought you meant, thanks and in that case, I agree.

Edited November 28, 2014 by ummm

[SPRSkip]

I use Last Pass, It is a secure as anything out there and can be used on all the devices I use from computers to phones.

[jh3g]

I've been using 1Password for almost a Decade. All my passwords are sync'd across computers and my phone. This facilitates me generating a unique password for every site. It was originally Mac-only, but now there are 1Password clients for Android, iOS, and Windows. Definitely worth the money.

[Shadowrider]

I went with Lastpass because if I understand it correctly it encrypts AND decrypts on your local machine. I'm planning on using iCloud Keychain as a backup if I ever figure out how to update it's passwords. If I'm working on the road and I ever have to replace my phone I'm just hosed without iCloud.