

antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:5
Reviews:
·Time Warner Cable

1 recommendation

Critical Vulnerabilities In Web-Based Password Managers Found

»it.slashdot.org/story/14/07/14/1···rs-found

"A group of researchers from University of California, Berkeley, have analyzed five popular web-based password managers and have discovered vulnerabilities that could allow attackers to learn a user's credentials for arbitrary websites. The five password managers they analyzed are LastPass, RoboForm, My1Login, PasswordBox and NeedMyPassword. Of the five vendors whose products were tested, only the last one (NeedMyPassword) didn't respond when they contacted them and responsibly shared their findings. The other four have fixed the vulnerabilities within days after disclosure. 'Since our analysis was manual, it is possible that other vulnerabilities lie undiscovered,' they pointed out. They also announced that they will be working on a tool that automatizes the process of identifying vulnerabilities, as well as on developing a 'principled, secure-by-construction password manager.'"

Hence, why I don't use them.
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.


dandelion
Premium,MVM
join:2003-04-29
Germantown, TN
kudos:5

1 recommendation

Never trusted them either.


Chubbzie

join:2014-02-11
Greenville, NC

2 recommendations

reply to antdude
Well hello website/db that I have no control over, please take all of my passwords and share freely amongst whomever you choose. Hell I don't even trust myself to keep my authentication credentials, what if I inadvertently mumble in my sleep?


chrisretusn
Retired
Premium
join:2007-08-13
Philippines
kudos:1

2 recommendations

reply to antdude
Never used them either. Top rule in my book, never share your passwords with anyone.
--
Chris
Living in Paradise!!


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Reviews:
·AT&T U-Verse

2 recommendations

reply to antdude
said by antdude:

Hence, why I don't use them.

Yes, I've avoided them due to my lack of trust in the whole idea.
--
AT&T Uverse; 2Wire 3800-HGV router; openSuSE 13.1; KDE 4.11.5; firefox 30.0


OldCableGuy3

@207.191.193.x
reply to antdude
Notice KeePass is not in that list. Used standalone (without browser plugin) and in local file mode, it is completely secure.


Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11

1 recommendation

reply to antdude
I've always used KeePass.
Never felt confident using LastPass or any of those other ones mentioned.


Trihexagonal

join:2004-08-29
US

1 recommendation

reply to antdude
My password manager is a folder on a USB stick I keep encrypted text in.


chrisretusn
Retired
Premium
join:2007-08-13
Philippines
kudos:1
reply to antdude
Another KeePass user here.


SwedishRider
Rider on the Storm
Premium
join:2006-01-11
not Sweden
kudos:1
reply to antdude
I've always liked 1Password since it's based on a local file rather than web-based and has an easy Firefox extension to enter passwords. And I don't use DropBox to sync the encrypted file among devices... too much risk there.


martg

join:2005-11-19

1 recommendation

reply to antdude
I use LastPass and have done so for a while. It's not used for logins involving financial dealings. These login details are kept elsewhere. However, for other sites that need a login (such as forums) LastPass is very handy.

I'll probably keep using LastPass but if any posts with my username appear containing advertising or foul language, you'll know that the password for here has likely been cracked ..or at least that's what I'm going to claim.


Antonica
Premium
join:2002-09-02
kudos:1
reply to antdude
What is KeePass?

drjenkins

join:2005-03-30
Bealeton, VA
KeePass, the free, open source, light-weight and easy-to-use password manager.

»keepass.info/


Antonica
Premium
join:2002-09-02
kudos:1
Thanks. You said it stores it locally? Is there any way to have it on your phone as well?

drjenkins

join:2005-03-30
Bealeton, VA
said by Antonica:

Is there any way to have it on your phone as well?

Android?
»play.google.com/store/apps/detai···.keepass


Krisnatharok
Caveat Emptor
Premium
join:2009-02-11
Earth Orbit
kudos:12

1 recommendation

reply to antdude
I use LastPass. Never had compromises. Glad to know they were on top of the fix.


rfhar
The World Sport, Played In Every Country
Premium
join:2001-03-26
Buicktown,Mi
reply to antdude
I use KeePass also cuz I am too paranoid to trust anything left on the net as a target for some geek who wants to prove nobody can stop him/her from getting into the site and at the info.

TheMG
Premium
join:2007-09-04
Canada
kudos:3

3 recommendations

reply to antdude
My password manager: pen and paper.

Go ahead, try to hack that over the internet. Good luck.


HA Nut
Premium
join:2004-05-13
USA

1 recommendation

reply to antdude
I just checked and I have 267 unique passwords. I need and use my passwords all the time. Pen and paper is not an option for me.

The only other password app I'd consider other than LastPass is KeePass. KP can be used over multiple devices and computers but it is much less convenient than LP. (I understand that convenience can be the enemy of security.) So I have to decide on a balancing act between the 2 approaches.

The bugs in LP they found never affected me. And LP jumped on fixing them. With this in mind, I will continue to use it.

I'll continue to watch things. We'll see how it all goes...


dib22

join:2002-01-27
Kansas City, MO
reply to Antonica
said by Antonica:

Thanks. You said it stores it locally? Is there any way to have it on your phone as well?

If you're on iOS, this version has been pretty nice

»itunes.apple.com/us/app/minikeep···808?mt=8


Antonica
Premium
join:2002-09-02
kudos:1
reply to drjenkins
Yeah, I have Android. Thanks for that. I have LastPass right now but never put anything on my phone. I may try KeePass on my phone and see which one works best.


chrisretusn
Retired
Premium
join:2007-08-13
Philippines
kudos:1
I use KeePass on my phone, a Samsung Galaxy S4. I like it.
--
Chris
Living in Paradise!!

Carr

join:2003-06-20
Mobile, AL
Another KeePass user here, KeePassX, the OS X version. Simple, apparently safe and free. The fact that the program did not have options to store on the cloud and was not incorporated in a browser were the 2 reasons I chose it.

Regards

TheMG
Premium
join:2007-09-04
Canada
kudos:3
Reviews:
·NorthWest Tel

1 recommendation

reply to TheMG
said by TheMG:

My password manager: pen and paper.

Oh, and about the physical security implications of writing down passwords, I have a little system that would make it somewhat difficult for someone to figure out. There are two columns: one containing a hint to the password, and the other containing a hint to which website/service the password is for. No complete passwords are written. At first glance the stuff written on the piece of paper would probably look like random nonsense.

A really smart person could potentially figure it out if they sat down and studied the patterns carefully, but it would take some serious effort, and that's if they ever guessed the purpose of the piece of paper in the first place and didn't discard it as random gibberish.