ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > Living Room

Password Managers ... vs. Not

(1/6) > >>

wraith808:
An Interesting Article for discussion.

Password managers don't have to be perfect, they just have to be better than not having one (via Troy Hunt)

I never could figure out how to argue why I have a password manager, and why I stay with Lastpass.  He argues it very well, I think.  The best password is one that you can't remember.  And if you can't remember, there are several ways to augment your memory.  And all of those ways are going to have security problems if attacked consistently.

So what do you do?

MilesAhead:
It seems the entire premise of using unmemorable passwords is that if the password is easy to remember, then it is likely made up of common words.  Therefore it is vulnerable to dictionary attack.  I have a couple of questions

1) Why is the server allowing thousands of attempts on your account so that the entire dictionary is traversed until a successful hit is achieved?

2) What is to stop the dictionary attackers from just using permutations of numbers and letters just like the unmemorable password generators produce?  If the server is going to allow thousands of logon attempts to the same account why not just brute force it?

Lately there seems to be a tendency to make using the internet and computers generally nearly more of a pain in the ass than it is worth.  Especially with phone logon it is a real pita to have to fat finger passwords with mixed case letters plus numbers and funky symbols.  It just seems like it is getting to the point where everyone can get into my account but me.

Anyone else have that feeling?

mouser:
I can't imagine not using a password manager.  It is essential.  Just remember one long password and then use the app to create a unique password for every site.
People that don't use password managers seem to inevitably use the same password on different sites, which is a major risk.
I love not having to remember passwords.

cranioscopical:
The thing that makes me shudder is that online password managers are such a juicy target. In just the past few days one succumbed to an attack and was plundered. :o
 

mouser:
Yeah I don't use an online synchronizing password manager, though I understand their appeal for folks who travel around a lot and use multiple devices, etc.

Navigation

[0] Message Index

[#] Next page

Go to full version