Mick wrote: > On Tuesday 21 Jul 2015 02:40:54 Dale wrote: >> >> >> I use the random generator too. Some older sites, forums or something >> that isn't really sensitive, may still have my old passwords but sites >> like banking and such each have their own random generated one. I also >> try to generate the longest and most complex password the site will >> allow. Some sites don't allow the characters above the number keys. >> >> Another thing, I was at my brothers once and needed to login to a site. >> I installed lastpass, typed in my email and master password and I could >> go anywhere I wanted just as if I was sitting at my own puter. If it >> wasn't for lastpass, I would have had to come home and do what needed >> doing. >> >> So far, this is the best solution I have found and I only use the free >> part. ;-) >> >> Dale >> >> :-) :-) > > A better, as in more secure, solution should involve local encryption and IMHO > local air-gapped storage. A USB key will do nicely and you can have a second > USB key stored in your brother's premises, for disaster recovery scenarios. > This is because cloud storage: > > a) creates a honey pot which attracts attacks[1] and > b) most of cloud storage is in the US. > > [1] https://en.wikipedia.org/wiki/LastPass#Security_issues >
From what I recall about Lasspass, it does encrypt the data locally then uploads it. I recall reading that if you lose your master password, they can't get in it either. All they get is encrypted data. Of all the things I read about when looking for a password manager, Lastpass was the only thing that came close to what I wanted. After using it a while, it is all I need. https://lastpass.com/how-it-works I've had USB sticks break before. They are also easy to lose. I'd prefer not to store something that important on a USB stick. Dale :-) :-)
