In our multi-device world you’ll likely need to share your password datastore between devices. Those few places that are very important use a passphrase. For example, I would recommend not using one for your financial sites. There are some places I would recommend not using a password manager. When considering password security choose the one that’s more secure for you rather than seeking the perfect option. But, will it be more secure? For most people the professional solution is the more secure one. A system that focuses on security and handling issues that come up. In a distributed device world where we need passwords on more than one system it’s good to go with a system that does this for you. Neither is perfect but when you weigh the differences the password manager comes out as more secure. For example, for most people it’s more secure to use a password manager than to use the same password everywhere. There is no such thing as perfect security. Note, I’m not recommending a particular password manager on purpose. It’s more secure than using the same password everywhere. So, use a password manager if you can’t otherwise have a different password for each site. That is, until we can stop using passwords for something better. This is where a password manager is useful. For the rest of us we need a system to help. With all the sites we connect to it’s difficult to remember a different password for each site. You can’t trust that a site you submit it to will store it securely so that it won’t be misused to access other sites. There’s a good reason to have a different password or passphrase for different sites. Is a 1Password or KeePass alternative setup actually more secure in practice? It’s a matter of considering the alternatives and the security measures around them. Or, the service could have been hacked but since it’s not password specific who would have suggested changing the master password?
A malicious program on one of their systems could have taken their vault and sent it to an attacker. Consider a 1Password or KeePass user who stores their information in Dropbox or a similar service. Now, let’s consider an alternative option. They detected the problem and are going the extra mile to protect their users.

LastPass Responded To The Breach

Even though the password vaults were not taken LastPass is having everyone change their vault password. That’s right, many of the places you put personal information couldn’t do what LastPass did. Even many of those that could detect a breach wouldn’t be able to tell you what was affected. Many organizations won’t detect if they have been breached. I can’t overstate how nice that is to hear. And, they detected there was a problem and had enough monitoring in place to distinguish what was affected. While some information was obtained the actual vaults of passwords were not downloaded. From the LastPass announcement of the breach we can see these two things in action. Two of the elements of an organization that takes security seriously are keeping certain pieces of data separate and detecting when a breach occurs. The most up-to-date systems still suffer from zero-day exploits. Computers not connected to the Internet, that don’t even have a network card, have been hacked across an air gap using their speakers and mic. Since we can’t get rid of passwords just yet we need to manage them well. With that in mind, this seems like a good time to talk about password security and LastPass with some rational ideas. From this there has been a fair amount of FUD circulating and not enough rational thought. LastPass, the password manager that lets you manage your passwords between different devices, was recently hacked.