I was always worried about that before I started LastPass, so I had already turned off the feature of saving passwords in my browsers, and cleared out already saved ones. That left me with having to remember passwords or writing them down somewhere, or equally bad, storing them in a file somewhere on the computer, or using the same password for many accounts.
What I like about LastPass (and I assume the same applies to 1Password, Dashlane, etc.) is that I only have to remember one pass phrase, and I make sure my setup does not store the pass phrase (it’s only in my head). Even LastPass doesn’t have it, as all the encryption/decryption is done locally. What is stored on their servers is my encrypted blob, which gets automatically synchronized to any browser that I have installed, even across machines. Perhaps it’s naive on my part, but I do trust that even if someone gets a hold of my encrypted blob, it is for all practical purposes just an impenetrable blob of random bits as long as nobody gets a hold of my pass phrase, which is stored nowhere but in my head. I went with LastPass mainly because they were the only company that I found that provided the “sync your encrypted blob to all your devices” for free. There was a way of doing so with 1Password to manually sync using Dropbox, but I got lazy and went with the one that provided that feature for free. Of course, in all this, I’m talking about free as in beer, not free as in freedom.

Gary

On Apr 19, 2014, at 4:15 AM, Robert Holmes <[email protected]> wrote:

>
> On Fri, Apr 18, 2014 at 8:34 PM, Barry MacKichan
> <[email protected]> wrote:
> Since I use a password manager (1Password) there is very little cost in
> keeping a 20-character password (which I never type anyway) even for those
> sites with 2-factor authentication.
>
> Doesn't this make those accounts highly insecure with respect to actual
> physical theft of your laptop (which I'm guessing is more common than
> identity theft)? If someone steals your computer do they then have access to
> all the sites whose credentials you have stored in 1Password?
>
> I must admit, this is the one issue that has kept me from adopting 1Password,
> LastPass etc. I'm lazy and I just know that at some point I would hit the
> "Save this password?" button when prompted by my browser and bang, there goes
> my security.
>
> —Robert
> ============================================================
> FRIAM Applied Complexity Group listserv
> Meets Fridays 9a-11:30 at cafe at St. John's College
> to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
