Good tool for passwords?

In the end I opted for callpod's "Keeper Desktop" for its safety and simplicity. Also has a neat Android app to sync phone & laptop.

Thanks for all the great suggestions.
 
Don't you guys worry about losing all your passwords, if you lose your hard drive via a virus or simply it getting broken? If you manage to back them up somehow, does that leave you with a file that could be looked at by someone else?

I personally have all my passwords (not to mention all the various usernames and logins) in private memos on my Palm which is backed up on my computer. I assume my Palm and computer won't go down together! I need one remembered password to see the files.

But in case someone gets that password or finds a way of accessing the memos I have them in code form as in: "whereisbrokenbridge?2003" so someone won't be able to guess what it is unless they know what place I'm thinking of where there is a broken bridge!

Perhaps I'm being over paranoid! But I particularly worry about things like bank/paypal/amazon account logins.
 
no, I'm not worried about it. But that’s because I have a backup strategy I feel good about. If someone doesn’t have that in place, they SHOULD be worried.

First, I make a weekly bootable clone backup to an external hard drive, so I have an exact replica of my hard drive that is no more than a week old at any point.

Second, I use a service called BackBlaze that uploads my files via the internet to offsite storage. I have it selected to backup all my documents, settings, pictures, music, photos, and this includes my passwords. This data is encrypted so there is little chance of anyone being able to view any of my data.

Third, I synchronize 1Password with the iPhone version so I have the data there, too.

So with all that, I'm pretty comfortable with my setup. Now, and this isn’t intended to be a Mac vs PC rant, but most people using PCs are under secured and their personal data is at risk. At a MINIMUM, you should be running a strong anti virus app and a software firewall with outbound monitoring, i.e. if ANYTHING on your system tries to make an outbound connection that you haven’t previously approved, you are notified and asked to approve the connection request. But I would also strongly recommend PC users also run real time anti trojan software. All it takes is one nasty keylogger for you to compromise all your personal/confidential information, and that equals a really, really bad day.
 
not familiar with that app but if it’s offline and encrypted, then the passwords themselves should be secure.

But the other issue is the use of those passwords. If you are able to then copy and paste that or auto fill those passwords into the appropriate browser fields, if you have a key logger running on your computer, it could read that data and send it to someone else and now you’re compromised.
 
Can you trust the encryption software?

Conejo23;75323 said:
Second, I use a service called BackBlaze that uploads my files via the internet to offsite storage. I have it selected to backup all my documents, settings, pictures, music, photos, and this includes my passwords. This data is encrypted so there is little chance of anyone being able to view any of my data.

Can you trust the encryption software? Is it open source? If so, did you examine the code?
 
Can I trust their encryption methodology?

Well, first, I'm not qualified to analyze their code even if it was open source, which it isn’t. This stuff is way above my level of technical expertise.

Here’s their page on the nuts and bolts of how they do it:

http://blog.backblaze.com/2008/11/12/how-to-make-strong-encryption-easy-to-use/

looks strong to me. Re encryption, my basic assumption is that if someone REALLY wanted to break the key and get access to my data it might be possible if they had a lot of computer firepower, a lot of time and a real desire to focus in on my specific stuff. But the odds of that happening are less than unlikely, there’s nothing special about my data. No trade secrets, no passwords to multi million dollar swiss accounts. So I trust that the system they implement is sufficiently secure.
 
Conejo23;75325 said:
But the other issue is the use of those passwords. If you are able to then copy and paste that or auto fill those passwords into the appropriate browser fields, if you have a key logger running on your computer, it could read that data and send it to someone else and now you’re compromised.

I have auto fill on all my stuff through a software called sxipper. I also see that 1Password do this too (checked because I'm actually planning on getting a Mac) and you mentioned that you use 1password. Do you not use auto fill then because it's not very safe?

You'll have to excuse me because I don't really know much in this area.
 
nope, I use auto fill.

so far, there are no reported instances of viruses or Trojans on Macs “in the wild”, in the real world. Maybe a couple isolated demonstration issues, but so far there’s really been nothing of concern on the Mac side. Some say that’s because the unix-based operating system that Macs use is intrinsically more secure than Windows (which I agree with) and some say it’s a lack of effort and focus by hackers (which I also agree with). In any event, I run an app called “Little Snitch” that monitors ALL outbound traffic and requests authorization for any connection I haven’t previously approved. It’s a bit of a pain to setup initially because you get a ton of requests as you structure your rules, but once you’re up and running it’s almost invisible.

Just make sure you have something running that will detect anything trying to “phone home”, run a good anti virus software like NOD32 or Kaspersky, sit behind a hardware firewall (like a wireless or wired router) and that will take care of the majority of the issues.
 
Backdoor?

Conejo23;75328 said:
Re encryption, my basic assumption is that if someone REALLY wanted to break the key and get access to my data it might be possible if they had a lot of computer firepower, a lot of time and a real desire to focus in on my specific stuff. But the odds of that happening are less than unlikely, there’s nothing special about my data. No trade secrets, no passwords to multi million dollar swiss accounts. So I trust that the system they implement is sufficiently secure.

If you don't know the encryption code you cannot be sure if there is no backdoor that will allow the code creator to break your key in seconds. I do not suggest that it is implemented but there is no way to check it.
 
If you're suggesting that the average user should examine encryption code to assess how secure the application process is, i would represent this is grossly unrealistic for the typical or even power user.

as far as i'm going to take it is using a reputable company with tens of thousands of customers and many positive reviews from reputable tech reporters, and hope that if there was a glaring deficiency that it would be noted.

i could turn researching this into a full time job and i don't have it and neither do most people. so, read, research, make a reasonably informed decision and hope for the best.

your same argument could be made for the browsers we use. have you examined the browser code to determine there are no open back doors? how about your operating system code?

i just don't see this being a realistic position.
 
"Open source code" concept explained.

Conejo23;75349 said:
If you're suggesting that the average user should examine encryption code to assess how secure the application process is, i would represent this is grossly unrealistic for the typical or even power user.

(...)

your same argument could be made for the browsers we use. have you examined the browser code to determine there are no open back doors? how about your operating system code?

i just don't see this being a realistic position.

Let me explain the "open source code" concept:

If the source code of the software application is publicly available for examination there are thousands of experts in the cyberspace that will check if there is something wrong with the code or not. You don't need to be an expert - you can use the wisdom of the crowd of experts.

If the source code is closed in a company safe nobody (except for a few programmers working for this company) can check if it has bugs or intended malfunctions.

The difference is between "a few in a hidden place" and "thousands sharing their knowledge with the world".
 
thanks for the clarification.

Yes, I generally like open source but I don’t view it as an important enough criterion that it will drive me to choose an application that I deem deficient compared to others in terms of base functionality.

I realize some will disagree with this, and that’s fine. To each their own.
 