On Fri, 11 Apr 2014 11:57:27 -0400, Dicebot <[email protected]> wrote:

> On Friday, 11 April 2014 at 15:50:47 UTC, Steven Schveighoffer wrote:
>> On Fri, 11 Apr 2014 11:39:33 -0400, Dicebot <[email protected]> wrote:
>>> On Friday, 11 April 2014 at 12:18:38 UTC, Steven Schveighoffer wrote:
>>>> If, after the last year of hacking, and the heartbleed bug, people
>>>> are not using password tracker/generators, you haven't learned
>>>> anything :)
>>> Remembering 15-20 different passwords is less of a burden to me than
>>> regularly verifying the code of password tracker browser extensions
>>> and infrastructure involved. And blindly using a 3rd-party tool for
>>> something that critical just does not make sense.
>> So you don't use browsers? Or did you write your own?
>> -Steve
> Don't use browser password managers for sure and don't use closed source
> browsers :) Trusting that it does not bluntly dump my text from all html
> inputs is a necessary evil, a borderline I need to not cross, that is true.
> If source is worked with by many different people continuously, it at
> least takes some skill to inject some security hole compared to a random
> 3rd-party tool no one even looks inside.

Do you put a foil hat on your computer too? ;)
I understand what you are saying, but I don't think it's even remotely
likely something like that would happen, due to the possible reputation
loss. You're more likely to be attacked via the server accepting the
password than the browser. The truth probably is that nobody will likely
have access to either of our accounts. There are enough people out there
who use "12345" and "password" as their main passwords, that there isn't
much reason to go after paranoid people like you and me. We can't be 100%
sure of all code we use, so it's really just a matter of personal choice
what level of trust to have.
-Steve