On Mon, 17 Dec 2012 09:48:35 +0100, Jan Goyvaerts <[email protected]>
wrote:
I'm using Lastpass <https://lastpass.com/> - it logs in for you,
generates
impossible passwords, has a plugin for many browsers, seems to have
integration with Linux systems too. It has an ios app, but never used
that.
I don't even know the passwords of the sites any more. I just know it's
all
different 20+ characters random crap. I only know the master password.
:-)
It's what I'd like to do - but who guarantees that Lastpass is secure?
That it stores passwords correctly encrypted? That it doesn't leak them in
memory? That it doesn't send them to a server?
Until somebody convinces me of the safety of these tools (*) I keep the
non-critical passwords (e.g. forums) stored in my browser, and the
critical ones (e.g. money-related, etc...) in a plain text file stored in
a USB key encrypted with Truecrypt, that I only mount when needed. This
involves that I don't do anything critical with my Android phone.
(*) Honestly, I think it's very hard to do. It would involve at least:
that the tool is open source, that it has been reviewed by some experts
and that I can install the application from a build I do by myself.
--
Fabrizio Giudici - Java Architect @ Tidalwave s.a.s.
"We make Java work. Everywhere."
http://tidalwave.it/fabrizio/blog - [email protected]
--
You received this message because you are subscribed to the Google Groups "Java
Posse" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/javaposse?hl=en.
