On Mon, Dec 17, 2012 at 11:55 AM, Fabrizio Giudici < [email protected]> wrote:
> On Mon, 17 Dec 2012 09:48:35 +0100, Jan Goyvaerts <[email protected]> > wrote: > > I'm using Lastpass <https://lastpass.com/> - it logs in for you, >> generates >> >> impossible passwords, has a plugin for many browsers, seems to have >> integration with Linux systems too. It has an ios app, but never used >> that. >> >> I don't even know the passwords of the sites any more. I just know it's >> all >> different 20+ characters random crap. I only know the master password. :-) >> > > It's what I'd like to do - but who guarantees that Lastpass is secure? > That it stores passwords correctly encrypted? That it doesn't leak them in > memory? That it doesn't send them to a server? > You have to take the word of the owner's of Lastpass of course... And when THEY get hacked you're in deep .... As everything in security it's all about who trusts who. Personally, I'd think LastPass is safe. What I'd appreciate is that they would also know how to handle password changes. That I can reset all my passwords in batch. :-) > > Until somebody convinces me of the safety of these tools (*) I keep the > non-critical passwords (e.g. forums) stored in my browser, and the critical > ones (e.g. money-related, etc...) in a plain text file stored in a USB key > encrypted with Truecrypt, that I only mount when needed. This involves that > I don't do anything critical with my Android phone. > What backup plan do you have in case you lose the usb stick, erase it by accident, ... ? :-) > > > (*) Honestly, I think it's very hard to do. It would involve at least: > that the tool is open source, that it has been reviewed by some experts and > that I can install the application from a build I do by myself. > > -- > Fabrizio Giudici - Java Architect @ Tidalwave s.a.s. > "We make Java work. Everywhere." > http://tidalwave.it/fabrizio/**blog <http://tidalwave.it/fabrizio/blog> - > [email protected] > -- You received this message because you are subscribed to the Google Groups "Java Posse" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/javaposse?hl=en.
