On 10/10/2014 11:55 AM, Mike Small wrote:
"Greg Rundlett (freephile)" <g...@freephile.com> writes:
I found a new password app that looks pretty interesting. It generates
passwords based on a master key, and site name, so there is nothing to
"lose". There are some cons,
So the difference between this and a traditional password keeper is that
if they can guess or acquire your master passphrase they don't also
have to get access to the password database file on one of your devices
(there being none) to have all your site passwords. How is this an
improvement?
Because you don't have to keep a that "password database file" on 5
different backup devices (and keep it updated on all your backup copies
every time you add one). It's certainly not a security improvement.
It's a usability improvement at the expense of security.
There are a lot of sites that I would be more than willing to make that
tradeoff for. I don't care too much if someone spends a lot of effort
guessing my dominos.com login. So they can see what pizza I order, big
deal (FWIW, I don't ever store cc details with on-line stores; I use
one-time virtual numbers).
I wouldn't use such a password manager for things I care about securing
(banks, cc, etc).
Interesting side note though: they'd also have to guess your username.
If you used the same app with a different password to generate
usernames, you could double the security ;-)
Matt
_______________________________________________
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
