> but I have not much of an idea how everything works behind the curtain

Any good password manager documents this stuff very well. Presumably this print out includes an instruction manual for using FreeBSD, opening a terminal on a FreeBSD machine, launching a shell inside a jail, and accessing this "user friendly" software? Exactly how technical is your family?

Forgive my disbelief that this is an actual solution for anyone but yourself.

> And, for added benefit, there are only a handful of things you need to have printed out and stored in a safe or whatever so that your family can access all of the encrypted important stuff if you get struck by lightning.

> I went with unix pass installed inside of a FreeBSD jail.

LastPass does not) is extremely safe, even if you don't trust "the cloud", because you don't need to trust the cloud. Users creating and remembering their own passwords does not have a good security track record at all.

Better to use a completely offline password manager (which risks you losing your backups or getting into a conflicting sync state) than no password manager at all, but a password manager that actually encrypts all your data end to end (which LastPass does not) and requires a strong key to unlock (such as the 2SKD method, which again. Most password managers have a very good security track record. I know people who have gotten sick eating at restaurants, but that doesn't stop me from finding good restaurants. Don't bother eating at restaurants ever again if you feel that way, I guess. People who just lump "password managers" into one group are fundamentally assuming that one bad password manager means that all password managers are automatically bad, we just somehow don't know it yet. Just because one restaurant has a bad health inspection score and is constantly making everyone who eats there sick does not mean all restaurants are bad.
> the critical password from the poor security of password managers

It also wouldn't surprise me if there were other breaches that were never made public, at LastPass, 1Password, or any of these companies. I'm not surprised LastPass is reluctant to share more information; they want this to go away as soon as possible so that business can continue as usual. Their entire business reputation relies on being 100% secure, which is impossible. I know that 1Password is the darling in this space, but breaches are a matter of time. Not to mention the vulnerability from rogue employees, social engineering, etc.

Entrusting _any_ company with the secrets to your digital life is a bad idea in general. Even in the best case scenario that they do follow all best modern security practices for storing the data at rest, there are countless exploit opportunities while the data is in transit, especially considering the clients are web browsers, with their own security issues. I was specifically talking about _online_ password managers in that quote. And I would very much like not to worry about maintaining accounts, updating passwords, etc. I was a LastPass user for many years, many years ago, and trusted them, but have since moved all my passwords offline. There have been some usability improvements in recent years in this area, to the point where it could reach mass adoption, but the change needs to start with developers. The way forward is to get rid of passwords altogether and make passwordless authentication the norm. Many non-technical people don't bother or care at all. They're too confusing and a chore to use for the general public, even if users are educated about their importance, and would like to secure their accounts. Password managers are an entire section of software that shouldn't exist. To think that any company could handle this responsibility is naive at best.
They're major centralized honeypots given the data they handle, and leaks are probably worth millions on the black market. Sure, but password managers available over the internet are especially vulnerable.

I'm sure LastPass tried really hard to protect data.