[Discuss] Password managers

[Kent Borg]

On 5/6/20 8:26 PM, Kent Borg wrote:
> Which is near where we started. By having passwords so cumbersome that 
> they require convenience-driven password management you are betting 
> that your password manager software is, for some magical reason, 
> bug-free.

Choose and deploy password in such a way that you can survive many bugs.

What if my password encryption has a really bad flaw? No big deal if I 
also go to significant effort to prevent anyone from getting a copy of 
it. By having a limited feature password database it is possible to put 
a layer of security around it. But if it is sitting between you and the 
internet, doing stuff automatically, then it is *on* the internet. And 
you should be scared.

Most people should keep their password list, somewhat obfuscated, hand 
written, on paper, and then guard that paper carefully, as though it 
were very important.

And they should keep an "offsite" backup hand copied on paper. (No 
photos, photocopiers, they are just computers these days.)

-kb