Rich Freeman on 7 Jan 2017 11:57:03 -0800
Re: [PLUG] XKCD: Team Chat
On Sat, Jan 7, 2017 at 2:41 PM, Andrew Libby <andrew.libby@gmail.com> wrote:
> On 1/7/17 1:52 PM, Rich Freeman wrote:
>> On Sat, Jan 7, 2017 at 7:54 AM, Andrew Libby <andrew.libby@gmail.com> wrote:
>>>
>>> This is precisely why I don't use any of those fancy password management
>>> services. To my stuffs, you need to specifically attack me and break
>>> the method I use to keep my passwords secure (gnupg). It's less
>>> efficient than just clicking submit in a browser with a plugin that
>>> manages it all.
>>>
>>> Only semi-related to the topic here is that I gave up on remembering
>>> passwords, but at least now I use super long (16 - 32 characters) and
>>> every password I use is different and completely random. My experience
>>> is that banks are the worst and reject much punctuation. Banks....
>>>
>>
>> So, how do you manage logging into sites on your phone this way?
>>
>
> A good question - I don't. Frustrates me that I gotta type in my
> password every time I go into my bank app, so I just do it all on
> my PC. I like going to the bank and seeing the tellers for deposits
> anyway. I'm old fashioned like that I guess.
>

Personally I use lastpass. The various options all have their pros and cons, and I'm not ignorant of both in the case of lastpass. However, I find it more secure than what I'd probably be doing otherwise. This is why I tend to recommend it to others. The average person isn't going to run keepass+gnupg+cloud-sync and they're definitely not going to keep a code book on their bookshelf. They're more likely to follow the Podesta school of security. :)

If you can live without access on anything other than OSX+Linux/X11+Windows then the keepass route is going to be more secure. However, don't kid yourself, some of the exploits that would work on lastpass (like sandbox escapes) would probably work just as well against keepass the way most people actually use it.

As with any other security-related topic (backups, encryption, etc) I think the important thing is to truly understand the risks every option involves, and to understand the value of their data, and to understand the priority of each threat-model for them, and to make a well-informed choice. It is also fine to have a multi-tiered strategy, where perhaps you use a tool like lastpass/etc for most stuff, and then for higher-risk stuff you use a different approach.

--
Rich
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug