On 12.04.2014 08:02, Walter Bright wrote:
> On 4/11/2014 8:30 PM, Steven Schveighoffer wrote:
>> Of course, it means you have to accept their word, and trust their
>> competency. I tend to doubt that somehow this is all a ruse and they
>> are in cahoots with the NSA.
>
> I agree that it is pretty unlikely they are in league with the devil.
> But what would happen to you if all your passwords got lost or
> compromised? How much trouble would it be? All your bank accounts? All
> your email accounts? All your professional accounts? All your accounting
> stuff? Suddenly you're cut off from all of it? The risk may be small,
> but the potential damage could be very high.

True. But that could happen with any of those sites individually too. And a company whose only business goal is to keep passwords secure is probably harder to hack into than companies which have a different focus and might not invest as much into security.

Most accounts you could get back through password recovery, so the only important ones are your email and bank accounts, where imo you should really have two-factor authentication.

Security is always a tradeoff between convenience and protection. I find LastPass is a good one, being super convenient and with good enough protection, but I think it's good to think about all the possible scenarios and decide if you are willing to take the corresponding risks.

Ultimately there's no right answer, everybody has to decide on the tradeoff on his own.
