[Discuss] Password managers

Doug sweetser at alum.mit.edu
Tue May 5 20:27:03 EDT 2020 

One nice perk of lastpass: it will give you an overall security score for
every password you have. It took quite a bit of dull work over a few weeks,
but my security score is at 95%. The reason it is not higher: shared
passwords with the misses.

Lastpass or 1Password are still not good enough.

What if someone gets your Gmail account password? They see you have
lastpass. They get the reset sent to the Gmail account. Lastpass has
fidelity credentials. All the savings get stolen using a laptop.

This is why I spent $100 to get a pair of Yubikeys. This is a physical
thing that fits in a USB-A slot or uses NFC for the phone. You could steal
my master password for lastpass and still not get in because lastpass will
demand the Yubikey generated key.

What convinced me to buy the product is that all google employees had to
have it to block sophisticated phishing exploits. Google has since migrated
to their own version of the same thing.

It is a little inconvenient, yet my fear of getting completely drained is
too great. I cannot convince my wife to do this.

Doug

I have spent

On Tue, May 5, 2020 at 7:37 PM Rich Pieri <richard.pieri at gmail.com> wrote:

> On Tue, 5 May 2020 17:47:43 -0400
> Jerry Natowitz <j.natowitz at gmail.com> wrote:
>
> > I've decided it is time to start using strong unique passwords on all
> > sites.  What products will work on Linux/gnu, Linux/Android, and
> > Windows 10?  Is the integration to the O/S, the window manager, or
> > the web browser?  Looking for something that will work transparently
> > across all the mentioned platforms, and possibly also Mac/iPhone.
>
> So. I'm on an entirely different tack from the cloud-based providers. I
> use zx2c4's pass to store passwords
>
> https://www.passwordstore.org/
>
> and the browserpass extension for filling in web site forms. I use
> SyncThing with my home server to keep my password store synchronized
> across machines.
>
> --
> Rich Pieri
> _______________________________________________
> Discuss mailing list
> Discuss at lists.blu.org
> http://lists.blu.org/mailman/listinfo/discuss
>

More information about the Discuss mailing list