|
Carthoris posted:Can you elaborate on the reasoning for this? Any theoretical vulnerabilities with LastPass? Assuming you have a strong pass-phrase that isn't used anywhere else and use TFA what is wrong with LastPass that local password management like KeePass solves? To provide a second point of view, its not that LastPass is bad per se, just that there are plenty of better choices, including a completely free one, that lack a lot of the worries around LastPass that theres no good reason to use it over the alternatives.
|
# ¿ Aug 11, 2015 15:12 |
|
|
# ¿ May 2, 2024 05:37 |
|
Geemer posted:Serious question: Why is everyone so convinced using a password manager is a good idea? To me it just seems like putting all your eggs in one basket. Whats harder for most people, remembering one complex password thats computationally impossible to crack or multiple complex passwords that are all computationally impossible to crack? In which situation are most people more likely to slack off and reuse passwords or use weak ones? My point is, yes, the best possible method is memorizing dozens of randomly generated passwords, however very close to no one is able to do that in real life. Password managers provide a solution that improves security over the current real world method most people use by allowing them an easy way to use a different highly complex password for every website, while only minimally reducing security compared to the best possible method through having a single password protecting all of them. That its "one basket" doesn't matter very much if the basket is securely made. Take for example, 1password which uses PBKDF2-HMAC-SHA512 with at default 25,000 iterations. Lets say you have a copy of my 1password vault for which the current password is 16 characters long and only made of letters and numbers. Currently, oclHashcat64 the fastest hash cracking software, gets about 1000 guesses a second on a top of the line graphics card against 1password vaults. Lets assume you spin up 100,000 AWS instances with comparable power because you really wanna crack this drat thing and have a ton of money to burn on it. So you're getting 100 million guesses a second. It will take (36^16)/(100,000,000*60*60*24*365) or about 2,523,674,882 to try every possible guess, for a statistical likely hood of finding my password in 1,261,837,441 years. I'm happy to send you my 1password vault if you wanna test it for yourself.
|
# ¿ Sep 16, 2015 19:26 |
|
Geemer posted:Thanks for the replies, it makes a bunch more sense when you put it like that. These aren't bad, and are comparable to other password managers, though in general they use less secure methods for storing the passwords. Like hooah alluded to, last I checked Chrome stored the passwords in plain text unless you're on OSX where it uses Keychain. Safari uses Keychain on OSX as well. Firefox uses a master password with 3DES which is a bit better as its not tied to the system password. One other benefit is other than syncing across devices, things like 1password/keepass are also easier to use across applications. I pretty regularly use Firefox, Safari, and Chrome, so being able to use 1password from all of them is pretty nice. Also makes it easier to store passwords for applications like Skype/Steam/etc.
|
# ¿ Sep 16, 2015 20:43 |
|
turbomoose posted:Recently when browsing SA and some other websites (usually news articles) my screen will go blank and then come back at the top of the webpage. So if it's a long webpage it will be scrolled to the top. I want to stress that the page has not been refreshed due to this, just changed how far down I have scrolled. This isn't really the correct thread for tech support but good lord update to Windows 10 already.
|
# ¿ Mar 30, 2016 23:31 |
|
Non Serviam posted:When I had a Mac, I used an app called "little snitch," and which allowed me to monitor and/or kill any outbound connection. So far my search for a windows alternative has been fruitless. Netlimiter https://www.netlimiter.com/ Glasswire https://www.glasswire.com/ Windows10 FirewallControl http://www.sphinx-soft.com/Vista/order.html Regarding usefulness, I personally find running one constantly annoying as hell and just results in security warning fatigue where you just click allow blindly every time it pops a notification. That said I have up to date licenses for Little Snitch and Netlimiter cause I find them really useful for tracking down weird network behavior. The latest example was a buggy Adobe updater that burned my fiancée's entire month of data in three days downloading the same file over and over.
|
# ¿ Sep 3, 2016 02:34 |
|
hello what is this thread doing in the yospos
|
# ¿ Jan 20, 2017 21:31 |
|
|
# ¿ May 2, 2024 05:37 |
|
apseudonym posted:Your phone is far more secure than your desktop, its fine really. This. Unless you're running a rooted phone and installing a bunch of sketchy non-Play Store apps in which case stop doing that.
|
# ¿ Aug 28, 2017 22:43 |