Thomas Delrue on 9 Jan 2017 09:08:26 -0800


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Lastpass - friend of foe


On 01/09/2017 08:04 AM, Rich Freeman wrote:
> The problem is a general lack of alternatives.  I need something that
> can handle form-filling passwords on:
> 1.  Chromium on Gentoo.
> 2.  Chrome on Windows, ChromeOS, and Android
> 3.  Ugh, IE/Edge on Windows which rarely is needed.
> 4.  Lots of random applications on Android.

I think you are confusing "need" with "would like".

> I've yet to find a suitable substitute that covers all of these
> options.  On android in particular I want the fields to be filled in,
> not to switch to some application, copy a username, switch back,
> paste, switch back, copy a password, switch back, paste.  Granted,
> that is sometimes needed in lastpass as well but it is pretty rare.

Again, "want" != "need". Maybe what you want is not good for you.
(Always challenge the premise!)
I know security is a trade-off between convenience and ... security, but
at some point, the whole "if it isn't convenient, no-one will use it" is
invalid because being under the threshold of inconvenient makes it not
secure anymore.
Now, I'm _not_ making the argument of "what good is half an eye?"
because security works very differently from having vision. What I'm
saying is that the threshold of what can be considered 'secure' is
rising higher over time (unlike vision). Where partial vision gives you
a partial advantage over those without vision, having partial security
gives you a *full* disadvantages compared to those with 'full' security.
Partial security will still let you be fully compromised.

At some point, the correct answer really is "if you don't do X/do Y, you
are not secure, deal with it!". Maybe a little pain now and then isn't
too bad... (call me old-school)

Some people think that a secret is something that you share with only
one person at a time. I disagree with that: a secret is something you
don't share, ever!
Sharing secrets for convenience is not a wise approach in my
not-so-humble opinion.

Attachment: signature.asc
Description: OpenPGP digital signature

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug