Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Password app



On 10/10/2014 11:55 AM, Mike Small wrote:
> "Greg Rundlett (freephile)" <greg at freephile.com> writes:
>
>> I found a new password app that looks pretty interesting.  It generates
>> passwords based on a master key, and site name, so there is nothing to
>> "lose".  There are some cons,
>
> So the difference between this and a traditional password keeper is that
> if they can guess or acquire your master passphrase they don't also
> have to get access to the password database file on one of your devices
> (there being none) to have all your site passwords. How is this an
> improvement?

Because you don't have to keep a that "password database file" on 5 
different backup devices (and keep it updated on all your backup copies 
every time you add one).  It's certainly not a security improvement. 
It's a usability improvement at the expense of security.

There are a lot of sites that I would be more than willing to make that 
tradeoff for.  I don't care too much if someone spends a lot of effort 
guessing my dominos.com login.  So they can see what pizza I order, big 
deal (FWIW, I don't ever store cc details with on-line stores; I use 
one-time virtual numbers).

I wouldn't use such a password manager for things I care about securing 
(banks, cc, etc).

Interesting side note though: they'd also have to guess your username. 
If you used the same app with a different password to generate 
usernames, you could double the security ;-)

Matt




BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org