Conquer Club

Password Management (attn: Woodruff, et. al.)

\\OFF-TOPIC// conversations about everything that has nothing to do with Conquer Club.

Moderator: Community Team

Forum rules
Please read the Community Guidelines before posting.

Re: Password Management (attn: Woodruff, et. al.)

Postby betiko on Tue Jul 09, 2013 8:12 pm

I don t ask myself so many questions. I have a few passwords and change them once in a while. I think it s better to have very little passwords and change them often rather than have one for each thing. I think it s better to find good way to remember your pw, and only you know how your memory works and how you are likely to remember it. You forgot it? No biggie you just reset your pw.
Image
User avatar
Major betiko
 
Posts: 10941
Joined: Fri Feb 25, 2011 3:05 pm
Location: location, location
22

Re: Password Management (attn: Woodruff, et. al.)

Postby Funkyterrance on Tue Jul 09, 2013 8:14 pm

Saxi I always assumed you were a "handcuffed to a briefcase" sort of guy. I think it's great that you are relaxing a little and burying your passwords in a lockbox in your basement or whatever you said. Good for you, man. (^-^)b
Image
User avatar
Colonel Funkyterrance
 
Posts: 2494
Joined: Wed Jan 19, 2011 10:52 pm
Location: New Hampshire, USA

Re: Password Management (attn: Woodruff, et. al.)

Postby saxitoxin on Tue Jul 09, 2013 8:26 pm

betiko wrote:I don t ask myself so many questions. I have a few passwords and change them once in a while. I think it s better to have very little passwords and change them often rather than have one for each thing. I think it s better to find good way to remember your pw, and only you know how your memory works and how you are likely to remember it. You forgot it? No biggie you just reset your pw.


sheesh, you're pretty nonchalant about security - remind me never to sext you
ImageImage
User avatar
Corporal saxitoxin
 
Posts: 12048
Joined: Fri Jun 05, 2009 1:01 am

Re: Password Management (attn: Woodruff, et. al.)

Postby Metsfanmax on Tue Jul 09, 2013 8:47 pm

saxitoxin wrote:OK, I'm officially kicking the following people out of this thread:

Metsfanmax
notyou2
Dukasaur

I need to getting fucking secure and lock my shit down. I don't have time for your shenanigans and shit-ass suggestions. :x :x :x

Thunderbird? For fucks sake. Maybe I should just use a FAX machine!

Image


I could have said Outlook.
User avatar
Sergeant 1st Class Metsfanmax
 
Posts: 6722
Joined: Wed Apr 11, 2007 11:01 pm

Re: Password Management (attn: Woodruff, et. al.)

Postby AndyDufresne on Tue Jul 09, 2013 8:51 pm

http://www.nytimes.com/2013/06/06/techn ... l-now.html

“If you want to avoid having your identity stolen, use long passwords that contain digits, punctuation and no recognizable words. Make up a different password for every Web site. And change all of your passwords every 30 days.”

Have these security pundits ever listened to themselves?

That advice is clearly unfollowable. I currently have account names and passwords for 87 Web sites (banks, airlines, blogs, shopping, e-mail, Facebook, Twitter). How is anyone — even a security professional — supposed to memorize 87 long, complex password strings, let alone remember which goes with which Web site?

So most people use the same password over and over again, and live with the guilt.

There are solutions. Most Mac and Windows Web browsers now offer to memorize passwords for you. But that feature doesn’t work on all Web sites, and is generally of little help when you pick up your phone or tablet. At that point, the only person you’ve locked out of all your online accounts is you.

The only decent solution is to install a dedicated password memorization program (like Roboform, KeePass, LastPass, 1Password, and so on). Last week, one of the best was just improved: Dashlane, now at 2.0. It’s attractive, effective, loaded with timesaving features and available for Mac, Windows, iPhone and Android — and it’s free.

Installation is quick. Dashlane works in Safari, Chrome, Internet Explorer and Firefox. It can import existing password “vaults” from rival programs.

Dashlane has two primary features. First, yes, it’s a password memorizer. Every time you type your account name and password into a Web page and press enter, Dashlane pops up, offering to memorize that information and fill it in the next time.

In fact, it also offers to log you in — not just to enter your password, but also to click “log in” for you. In effect, Dashlane has just removed the login blockade entirely. When you go to Facebook, Twitter or Gmail, you just click your bookmark, smile at the briefest flash of the login screen and arrive at the site.

Since Dashlane is now storing and auto-entering your passwords, you’re now free to follow the security experts’ advice. You can make up long, unguessable passwords — a different one for every Web site, since you don’t have to remember any of them. In fact, each time you sign up for a new account, Dashlane offers to make up such a password for you, and then, of course, to memorize it.

Dashlane’s second huge feature is even more amazing. It can also fill in other kinds of Web site forms: your name/address/phone number, and even your credit card information.

When you’re buying something online, and you click into the credit card number box, Dashlane displays pictures of your credit cards: Visa, MasterCard, American Express or whatever — even PayPal.

When you click the one you want to use, Dashlane instantly fills in the long card number, your name, the expiration date, even that accursed security code, in the right boxes. Every time you order something online, you save between 30 seconds and five minutes, depending on whether you have your card information memorized or have to go burrow through your wallet.

When you make a purchase, Dashlane even offers to store all the details in a digital receipt that you can call up later, along with a screenshot of the Web site where you shopped. This feature makes online shopping so frictionless, every dot-com retailer on earth ought to be promoting Dashlane as if its profits depended on it.

In fact, Dashlane can fill in all kinds of forms automatically: phone numbers, job titles, tax numbers and so on. If you’ve ever recorded multiple answers — you have two different Twitter accounts, say — two tidy buttons appear beneath the name box, bearing the account names. Click the one you want.

Unlike some rival programs, Dashlane doesn’t require you to associate one set of personal information to each “profile.” If you have three addresses, for example, you’re always offered those three when filling in a form. You don’t have to create three personalities’ worth of personal information.

So far, Dashlane probably seems designed for convenience, and that’s true. Behind the scenes, of course, its ultimate goal is security.

No system is foolproof. But Dashlane notes that it doesn’t ever see your passwords or your credit card information. They’re all stored on your own computer, encoded by the AES-256 encryption method, an open-source standard approved by the National Security Agency. Your entire Dashlane universe is protected by a master password. It’s intended to prevent a laptop thief from heading online with your missing computer and going on a shopping spree.

In version 2.0, furthermore, you have the option of using two-factor authentication — fancy lingo for an extra layer of security. To unlock Dashlane, you have to enter your master password as well as a code that Dashlane texts to your phone. It’s a pain, yes, but it effectively ruins the day of any ne’er-do-well who was hoping to guess or steal your master password.

Version 2.0 also introduces a convenient security dashboard, which identifies reused and weak passwords. It also eliminates the baffling points system of 1.0, which rewarded you for logging into Web sites. Thank goodness. There are iPhone and Android phone versions of Dashlane — also free and also fantastic.

The other big change in Dashlane 2.0 isn’t quite so joyous. True, Dashlane can wirelessly synchronize all your passwords between your computer and phone, so that the phone, too, automatically enters them as you surf. But in 2.0, that feature now costs $20 a year. (It used to be free, and still is if you used earlier versions of Dashlane. The company does urge the earlier Dashlane fan to make a one-time contribution — $40 seems to be its favorite suggestion.)

An annual fee? Really? That seems a steep charge by a company that, until now, seemed remarkably customer-friendly. Alas, that seems to be the model these days. Dashlane’s archrival LastPass is also free for Mac and Windows computers, and also stores your credit card and other information. But to use LastPass on a phone, you have to pay $12 a year.

Still, Dashlane is much better looking, better designed and easier to use. To fill in credit card information, for example, LastPass requires you to choose a “Choose Profile and Credit Card” command from a menu. Dashlane saves you one step and six pounds of terminology.

It’s not perfect. Each time Dashlane stores a password for you, it also nudges you to put it into a category (e-mail or social media, for instance) and associate it with one of your e-mail addresses. The company says that all of that paperwork is only a convenience — you can click right past it — but it’s still a befuddlement every time.

Now and then, I found a Web site that Dashlane couldn’t auto-log into, too.

And Dashlane doesn’t work in the built-in browser on the iPhone. (No password keeper can, Dashlane says, thanks to Apple’s rigid programming rules.) Instead, it offers its own little iPhone browser. (The Dashlane app for Android also has its own built-in browser now.) It’s fast, it’s almost exactly like Safari and it auto-fills all the Dashlane-ish stuff, but it’s more trouble to find and open.

Still, complaining more than briefly about Dashlane’s drawbacks is like grumbling about the taxes when you win the lottery. It saves you infinite time and hassle, it’s (mostly) free, and it belongs on your computer and phone this very day.



--Andy
User avatar
Corporal 1st Class AndyDufresne
 
Posts: 24919
Joined: Fri Mar 03, 2006 8:22 pm
Location: A Banana Palm in Zihuatanejo

Re: Password Management (attn: Woodruff, et. al.)

Postby BigBallinStalin on Tue Jul 09, 2013 9:22 pm

Envision a 6-drawer dresser from Kohl's.

Each drawer represents some category of all your many accounts (e.g. the emails is the top-left drawer, the ones with your credit card info is the bottom right drawer--you know, where you store your favorite purple dildo, etc.).

Within each drawer, you're going place a unique password. For each password of your emails (suppose: 10), you'll need to slightly change the unique password for each account. So, each one is different, but if you have a mechanism in mind for changing it around, then it's simple to figure out.

    For examples, you could even tie-in two characters from the account name which represent the password, or you can recall that the account name reminds you of some time you've had in Canada with the Mounties. Another way is to reinvent stories behind each account, and tie-in the relevance of each story to a unique password (it's like memorizing Chinese characters, duh!). That helps with memorization.


I don't use the above. I use one password for everything: asdf
Last edited by BigBallinStalin on Tue Jul 09, 2013 9:23 pm, edited 1 time in total.
User avatar
Major BigBallinStalin
 
Posts: 5151
Joined: Sun Oct 26, 2008 10:23 pm
Location: crying into the dregs of an empty bottle of own-brand scotch on the toilet having a dump in Dagenham

Re: Password Management (attn: Woodruff, et. al.)

Postby Woodruff on Tue Jul 09, 2013 9:23 pm

saxitoxin wrote:
Woodruff wrote: My recommendation would be to keep the password complexity but reduce the extremely high number of original passwords.


OK, this seems like a good idea. I just checked my first 22 accounts and, of those, 10 have no ability to conduct financial transactions, whereas 12 do (i.e. Amazon, iTunes, etc.). So maybe I'll start by uniforming those 10 passwords.


Getting did of all of your ConquerClub multis would probably help too.
...I prefer a man who will burn the flag and then wrap himself in the Constitution to a man who will burn the Constitution and then wrap himself in the flag.
User avatar
Corporal 1st Class Woodruff
 
Posts: 5093
Joined: Sat Jan 05, 2008 9:15 am

Re: Password Management (attn: Woodruff, et. al.)

Postby Woodruff on Tue Jul 09, 2013 9:23 pm

notyou2 wrote:I recommend cloning yourself. It won't help much in the immediate future but should pay massive dividends in 15 to 20 years.


As I learned from watching the documentary on cloning called "Multiplicity", this is not necessarily true.
...I prefer a man who will burn the flag and then wrap himself in the Constitution to a man who will burn the Constitution and then wrap himself in the flag.
User avatar
Corporal 1st Class Woodruff
 
Posts: 5093
Joined: Sat Jan 05, 2008 9:15 am

Re: Password Management (attn: Woodruff, et. al.)

Postby Woodruff on Tue Jul 09, 2013 9:24 pm

notyou2 wrote:I use the keyboard to formulate a nonsensical word with numbers and upper and lower case letters.

Does anyone else use the keyboard?


What's a keyboard?
...I prefer a man who will burn the flag and then wrap himself in the Constitution to a man who will burn the Constitution and then wrap himself in the flag.
User avatar
Corporal 1st Class Woodruff
 
Posts: 5093
Joined: Sat Jan 05, 2008 9:15 am

Re: Password Management (attn: Woodruff, et. al.)

Postby Woodruff on Tue Jul 09, 2013 9:26 pm

saxitoxin wrote:How strong is your password?

https://www-ssl.intel.com/content/www/u ... rdwin.html

My email password, according to this, says it would take 68 million years to crack, but that doesn't sound right.


That seems unlikely, given the tools available today. Is your password 267 characters long?
...I prefer a man who will burn the flag and then wrap himself in the Constitution to a man who will burn the Constitution and then wrap himself in the flag.
User avatar
Corporal 1st Class Woodruff
 
Posts: 5093
Joined: Sat Jan 05, 2008 9:15 am

Re: Password Management (attn: Woodruff, et. al.)

Postby saxitoxin on Tue Jul 09, 2013 9:49 pm

Woodruff wrote:
saxitoxin wrote:How strong is your password?

https://www-ssl.intel.com/content/www/u ... rdwin.html

My email password, according to this, says it would take 68 million years to crack, but that doesn't sound right.


That seems unlikely, given the tools available today. Is your password 267 characters long?


15 :(

Metsfanmax wrote:LastPass


just gave that a try, can't stand the pop-up - feels ultra-chintzy ... every single website I go to - even the CC forums - it keeps asking me if it wants me to remember the password ... the whole user experience makes me feel as secure as a nietzsche in the donkey costume
Last edited by saxitoxin on Tue Jul 09, 2013 10:05 pm, edited 1 time in total.
ImageImage
User avatar
Corporal saxitoxin
 
Posts: 12048
Joined: Fri Jun 05, 2009 1:01 am

Re: Password Management (attn: Woodruff, et. al.)

Postby 2dimes on Tue Jul 09, 2013 9:50 pm

Woodruff wrote:
notyou2 wrote:I use the keyboard to formulate a nonsensical word with numbers and upper and lower case letters.

Does anyone else use the keyboard?


What's a keyboard?

*keebored
User avatar
Corporal 2dimes
 
Posts: 12655
Joined: Wed May 31, 2006 1:08 pm
Location: Pepperoni Hug Spot.

Re: Password Management (attn: Woodruff, et. al.)

Postby saxitoxin on Tue Jul 09, 2013 9:51 pm

BigBallinStalin wrote:Envision a 6-drawer dresser from Kohl's.

Each drawer represents some category of all your many accounts (e.g. the emails is the top-left drawer, the ones with your credit card info is the bottom right drawer--you know, where you store your favorite purple dildo, etc.).

Within each drawer, you're going place a unique password. For each password of your emails (suppose: 10), you'll need to slightly change the unique password for each account. So, each one is different, but if you have a mechanism in mind for changing it around, then it's simple to figure out.

    For examples, you could even tie-in two characters from the account name which represent the password, or you can recall that the account name reminds you of some time you've had in Canada with the Mounties. Another way is to reinvent stories behind each account, and tie-in the relevance of each story to a unique password (it's like memorizing Chinese characters, duh!). That helps with memorization.


I don't use the above. I use one password for everything: asdf


I'm not going to do this, but I do think I'm going to get a pre-paid gift card and use it as the only form of payment on iTunes, Amazon, PayPal, etc. That way those places won't have access to my bank account.
ImageImage
User avatar
Corporal saxitoxin
 
Posts: 12048
Joined: Fri Jun 05, 2009 1:01 am

Re: Password Management (attn: Woodruff, et. al.)

Postby Metsfanmax on Tue Jul 09, 2013 10:24 pm

saxitoxin wrote:
Metsfanmax wrote:LastPass


just gave that a try, can't stand the pop-up - feels ultra-chintzy ... every single website I go to - even the CC forums - it keeps asking me if it wants me to remember the password ... the whole user experience makes me feel as secure as a nietzsche in the donkey costume


Well, I kind of expected you'd value your comfort over your security, so no big deal.
User avatar
Sergeant 1st Class Metsfanmax
 
Posts: 6722
Joined: Wed Apr 11, 2007 11:01 pm

Re: Password Management (attn: Woodruff, et. al.)

Postby saxitoxin on Tue Jul 09, 2013 10:29 pm

Metsfanmax wrote:
saxitoxin wrote:
Metsfanmax wrote:LastPass


just gave that a try, can't stand the pop-up - feels ultra-chintzy ... every single website I go to - even the CC forums - it keeps asking me if it wants me to remember the password ... the whole user experience makes me feel as secure as a nietzsche in the donkey costume


Well, I kind of expected you'd value your comfort over your security, so no big deal.


What if there is a fire where I live and my computer burns up? Then I am locked out of every site in existence forever. That doesn't seem very secure.

What I really need is a password diary that I can store on an encrypted USB drive that can only be accessed through a two-factor authentication process. Then I would make 4 USB drives. I would keep one on my keychain, I would keep one in my dresser drawer, I would put one in a safe deposit box and I would keep a fourth at my emergency relocation site. There should be an easy way to plug all four of these into a single computer and sync them all when I update the login credentials for a site.

Does anyone know of something like this?
ImageImage
User avatar
Corporal saxitoxin
 
Posts: 12048
Joined: Fri Jun 05, 2009 1:01 am

Re: Password Management (attn: Woodruff, et. al.)

Postby Metsfanmax on Tue Jul 09, 2013 10:49 pm

saxitoxin wrote:
Metsfanmax wrote:
saxitoxin wrote:
Metsfanmax wrote:LastPass


just gave that a try, can't stand the pop-up - feels ultra-chintzy ... every single website I go to - even the CC forums - it keeps asking me if it wants me to remember the password ... the whole user experience makes me feel as secure as a nietzsche in the donkey costume


Well, I kind of expected you'd value your comfort over your security, so no big deal.


What if there is a fire where I live and my computer burns up? Then I am locked out of every site in existence forever. That doesn't seem very secure.


You wouldn't be locked out as long as you committed your master password to memory.

What I really need is a password diary that I can store on an encrypted USB drive that can only be accessed through a two-factor authentication process. Then I would make 4 USB drives. I would keep one on my keychain, I would keep one in my dresser drawer, I would put one in a safe deposit box and I would keep a fourth at my emergency relocation site. There should be an easy way to plug all four of these into a single computer and sync them all when I update the login credentials for a site.

Does anyone know of something like this?


What you really need is another person to remember all of your passwords for you.

Image
User avatar
Sergeant 1st Class Metsfanmax
 
Posts: 6722
Joined: Wed Apr 11, 2007 11:01 pm

Re: Password Management (attn: Woodruff, et. al.)

Postby 2dimes on Tue Jul 09, 2013 10:53 pm

Metsfanmax wrote:

Image


That's one key short.


User avatar
Corporal 2dimes
 
Posts: 12655
Joined: Wed May 31, 2006 1:08 pm
Location: Pepperoni Hug Spot.

Re: Password Management (attn: Woodruff, et. al.)

Postby rishaed on Tue Jul 09, 2013 11:02 pm

saxitoxin wrote:
Metsfanmax wrote:
saxitoxin wrote:
Metsfanmax wrote:LastPass


just gave that a try, can't stand the pop-up - feels ultra-chintzy ... every single website I go to - even the CC forums - it keeps asking me if it wants me to remember the password ... the whole user experience makes me feel as secure as a nietzsche in the donkey costume


Well, I kind of expected you'd value your comfort over your security, so no big deal.


What if there is a fire where I live and my computer burns up? Then I am locked out of every site in existence forever. That doesn't seem very secure.

What I really need is a password diary that I can store on an encrypted USB drive that can only be accessed through a two-factor authentication process. Then I would make 4 USB drives. I would keep one on my keychain, I would keep one in my dresser drawer, I would put one in a safe deposit box and I would keep a fourth at my emergency relocation site. There should be an easy way to plug all four of these into a single computer and sync them all when I update the login credentials for a site.

Does anyone know of something like this?

Sure you pull up a Word doc. Put your passwords on it then encrypt and Password it (unsure of security from Word docs with such things). Choose a passphrase thats easy to remember hit save as and save it on your four flash drives and Voila. 8-[
aage wrote: Maybe you're right, but since we receive no handlebars from the mod I think we should get some ourselves.

Image
User avatar
Corporal 1st Class rishaed
 
Posts: 1052
Joined: Fri Jul 20, 2007 8:54 pm
Location: Somewhere in the Foundry forums looking for whats going on!

Re: Password Management (attn: Woodruff, et. al.)

Postby isaiah40 on Tue Jul 09, 2013 11:36 pm

AndyDufresne wrote:
No system is foolproof. But Dashlane notes that it doesn’t ever see your passwords or your credit card information. They’re all stored on your own computer, encoded by the AES-256 encryption method, an open-source standard approved by the National Security Agency.



--Andy

I have a problem with a program approved by the NSA. It just means the NSA can easily gain access your private info, just like they gained access to your phone records.
Lieutenant isaiah40
 
Posts: 3990
Joined: Mon Aug 27, 2007 7:14 pm

Re: Password Management (attn: Woodruff, et. al.)

Postby saxitoxin on Tue Jul 09, 2013 11:54 pm

Metsfanmax wrote:
saxitoxin wrote:
Metsfanmax wrote:
saxitoxin wrote:
Metsfanmax wrote:LastPass


just gave that a try, can't stand the pop-up - feels ultra-chintzy ... every single website I go to - even the CC forums - it keeps asking me if it wants me to remember the password ... the whole user experience makes me feel as secure as a nietzsche in the donkey costume


Well, I kind of expected you'd value your comfort over your security, so no big deal.


What if there is a fire where I live and my computer burns up? Then I am locked out of every site in existence forever. That doesn't seem very secure.


You wouldn't be locked out as long as you committed your master password to memory.


How would you not be locked out? I thought LastPass stored your passwords locally?

rishaed wrote:Sure you pull up a Word doc. Put your passwords on it then encrypt and Password it (unsure of security from Word docs with such things). Choose a passphrase thats easy to remember hit save as and save it on your four flash drives and Voila.


That seems like the best idea yet. Would this work? Woodruff?
ImageImage
User avatar
Corporal saxitoxin
 
Posts: 12048
Joined: Fri Jun 05, 2009 1:01 am

Re: Password Management (attn: Woodruff, et. al.)

Postby nietzsche on Wed Jul 10, 2013 12:43 am

I use Keepass and have the file on dropbox. I'm not sure if there are apps for android but i've seen one for iphone, tho i didn't buy it.

Im sure there are options that have apps in both android and iphone.

my Keepass and Dropbox password is all i have to remember, or even only the Keepass password if i make the file public on dropbox
el cartoncito mas triste del mundo
User avatar
General nietzsche
 
Posts: 4597
Joined: Sun Feb 11, 2007 1:29 am
Location: Fantasy Cooperstown

Re: Password Management (attn: Woodruff, et. al.)

Postby saxitoxin on Wed Jul 10, 2013 1:04 am

nietzsche wrote:I use Keepass and have the file on dropbox. I'm not sure if there are apps for android but i've seen one for iphone, tho i didn't buy it.

Im sure there are options that have apps in both android and iphone.

my Keepass and Dropbox password is all i have to remember, or even only the Keepass password if i make the file public on dropbox


Does this mean you have to download the file from Dropbox everytime you want to login? Could I use Keepass plus a USB? Also is there two factor authentication with Keepass? I've had complex passwords broken so many times I don't sneeze without two factor authentication these days.
ImageImage
User avatar
Corporal saxitoxin
 
Posts: 12048
Joined: Fri Jun 05, 2009 1:01 am

Re: Password Management (attn: Woodruff, et. al.)

Postby BigBallinStalin on Wed Jul 10, 2013 2:06 am

saxitoxin wrote:
nietzsche wrote:I use Keepass and have the file on dropbox. I'm not sure if there are apps for android but i've seen one for iphone, tho i didn't buy it.

Im sure there are options that have apps in both android and iphone.

my Keepass and Dropbox password is all i have to remember, or even only the Keepass password if i make the file public on dropbox


Does this mean you have to download the file from Dropbox everytime you want to login? Could I use Keepass plus a USB? Also is there two factor authentication with Keepass? I've had complex passwords broken so many times I don't sneeze without two factor authentication these days.


I'd be concerned about letting it float over Dropbox. Seems like you're risking greater chances of having your files being intercepted---relative to simply keeping things on local USBs + word doc.
User avatar
Major BigBallinStalin
 
Posts: 5151
Joined: Sun Oct 26, 2008 10:23 pm
Location: crying into the dregs of an empty bottle of own-brand scotch on the toilet having a dump in Dagenham

Re: Password Management (attn: Woodruff, et. al.)

Postby Metsfanmax on Wed Jul 10, 2013 5:41 am

saxitoxin wrote:
Metsfanmax wrote:
saxitoxin wrote:
Metsfanmax wrote:
saxitoxin wrote:
Metsfanmax wrote:LastPass


just gave that a try, can't stand the pop-up - feels ultra-chintzy ... every single website I go to - even the CC forums - it keeps asking me if it wants me to remember the password ... the whole user experience makes me feel as secure as a nietzsche in the donkey costume


Well, I kind of expected you'd value your comfort over your security, so no big deal.


What if there is a fire where I live and my computer burns up? Then I am locked out of every site in existence forever. That doesn't seem very secure.


You wouldn't be locked out as long as you committed your master password to memory.


How would you not be locked out? I thought LastPass stored your passwords locally?


No, that would be too insecure. LastPass doesn't store your password anywhere. What happens is that your master password basically acts as a hashing function, and the only thing stored on their server is the hash. Your master password acts as a key that allows them to decrypt that into a real password, but basically the only way for anyone to get the real passwords is to use your computer when you're logged in.
User avatar
Sergeant 1st Class Metsfanmax
 
Posts: 6722
Joined: Wed Apr 11, 2007 11:01 pm

Re: Password Management (attn: Woodruff, et. al.)

Postby Woodruff on Wed Jul 10, 2013 5:56 am

saxitoxin wrote:just gave that a try, can't stand the pop-up - feels ultra-chintzy ... every single website I go to - even the CC forums - it keeps asking me if it wants me to remember the password ... the whole user experience makes me feel as secure as a nietzsche in the donkey costume


I'm pretty sure that's a setting in your web browser causing that request to remember the password. I don't recall the specifics, but I think it happens when you have a setting that allows cookies (perhaps...I could be misremembering, as Unix is my strength, not Windows).
...I prefer a man who will burn the flag and then wrap himself in the Constitution to a man who will burn the Constitution and then wrap himself in the flag.
User avatar
Corporal 1st Class Woodruff
 
Posts: 5093
Joined: Sat Jan 05, 2008 9:15 am

PreviousNext

Return to Practical Explanation about Next Life,

Who is online

Users browsing this forum: bigtoughralf