Why? The companies can't see the data - it's encrypted. No different to you logging into internet banking and putting in your details via ssl.
Password Manager Recommendations
- Thread starter WuMyster
- Start date
big difference, some random company vs Your Bank.
Theirs no way you would know if they updated their software to read your encrypted data. Or worse A hacking group took over the software & released updated version which sent a copy of your data to the hackers
You have no way of knowing that before its encrypted its not sent somewhere or stored else where to be sent later on.
your trusting joe blogs. Then comparing Joe blogs Software practices to the likes of SSL ecnrypted Bank.
can the bank be unsafe, yes but lot less likely than random Programmer
and before you ask every site i visit i use a unique password with 2FA. i also do not use Mobile version of any apps.
all my passwords are changed every 2-4 Months and all the passwords are stored in my head. oh and where available their over 30 characters long
Soldato
- Joined
- 18 May 2010
- Posts
- 23,610
- Location
- London
I use http://keepass.info/ at work.
Now downloaded enpass on my machine and imported passwords from lastpass. The backup functions seems more straightforward than I thought.
I'm sorry but a lot of what you've written is wrong.
Please provide evidence that someone like OnePass or Lastpass can just update their software to read 256 bit encrypted data. Because if they can, I'm sure the NSA would be knocking at their door as to how they do it.
im not saying Current Data, im saying Future data.
You have no way of knowing that before its encrypted its not sent somewhere or stored else where to be sent later on.
your putting all your trusted passwords into a program run by a nobody, if you want to do that go ahead. i will never do this
What do you mean by "future data"?
Good article by Troy Hunt on password managers here:
https://www.troyhunt.com/password-m...y-just-have-to-be-better-than-not-having-one/
The only way to ensure that data isn't leaked prior to encryption is to only ever think and never let it leave your thoughts. These password managers are secure, your larger risk is the safety of your host device as that makes the easiest target.
I doubt you'd be an interesting target mind, most malware doesnt hurt you directly, it turns your device into a weapon against someone worth attacking.
What you're talking about is illegal for the company to do. They're not some "random bloke" they're a company just like any other. In many ways i'd have more trust in a single bloke who's name i can find than the faceless generally pretty terrible banks of the world lol.
This argument is great, same for things like autonomous vehicles. They'll never be perfect but quite frankly humans are awful drivers and easy to replace lol.
Almost all the people I know bar the students who were on my software eng degree use the same password for everything or extremely bad passwords with no 2fa etc. A password manager can only do good for the majority of people lol.
you have no way of knowing that future Passwords are not leaked before they encrypted
if you guys want to use it go ahead, not stopping you. What i'm saying is i don't trust them & feel their not secure. i'm pretty unique case though every site i visit has a unique password made up of random characters/strings & symbols & as long as possible, my longest password is 51 characters . All of these are remembered in my brain through repeatedly using them over & over. Then All passwords are changed every 2-6 Months.
i know not everyone does this. so for me a password managers are pointless. I still feel their not secure though, to many variables where data could be breached for me.
regarding host breach, any sites related to Purchases go through a on the spot VM
He could monitor his network traffic, but the threat you're describing is rare. You need to focus on the bigger picture.
1) No need to remember many complex passwords
2) Less likely to have an account compromised
Why?
Most people can't do that. Remembering tens if not hundreds of complex passwords is next to impossible.
Guests can't be trusted once the host is compromised.
why? - so if my password is leaked in a Attack on X business they are out of date.
i agree guests can't be trusted, but this PC only Plays games & visits a few Sites, Youtube,OCUK,Spotify. then all purchases are done in VM. Others are loaded sites are on another PC
So i have just installed keepass on a usb drive looks ok am curious though what would you NOT store on the drive by way of passwords?
would you store bank card details on it?
would you store bank login details on it?
at the moment mine are all stored in my head, the only passwords i have saved by way of keepass or lastpass are general websites etc
would you store bank card details on it?
would you store bank login details on it?
at the moment mine are all stored in my head, the only passwords i have saved by way of keepass or lastpass are general websites etc
What's the likelihood?
Not to mention the effort it takes to update and memorise many passwords on a regular basis.
Here is a 30-character password generated with LastPass:
gpSWR@w^R%EFq3eR*yxFS%Hun#%f6R
If you're telling me you can reliably remember a unique password like that for each website you use, without writing it down - I don't believe you.
Quite.
Apart from all encryption and decryption is done locally on the devices you are using.
Dont trust the client? Compile your own CLI version from source. https://github.com/LastPass/lastpass-cli
most sites wont allow you 30 characters but an example of something i would do would be:
(!!BF21@prdl*4582*Gemt!!_7757&8241Mat^us)
when i create passwords i use certain rules to make passwords easier to remember across multiple sites
for example here
each 4 characters is broke up by a Symbol.
is it as crazy as Lasstpass, no but its still very good
