Password Managers ... vs. Not

f0dder:
Of course the above is simplistic, and you can do things like uppercasing and other character manipulations - but an extended alphabet will always require (quiiiite a bit) more effort for a string of the same length.
-f0dder (June 06, 2017, 02:44 AM)
--- End quote ---
I'm sure that technically you have foundation for your argument(s).  But people live day to day fine with getting home from work and using a house key to get into their house/condo/apartment.  It does not stress them that a guy with a couple of battery powered drills can drill out the front door lock in about 30 seconds if he has practiced the procedure.  But the owner/renter can get in his own place in the most likely event terrorists are not waiting inside.-MilesAhead (June 06, 2017, 07:06 AM)
--- End quote ---
I'm sorry, but that is a silly attempt at an analogy.

Getting your credentials leaked is a very real risk - just look at the monster breaches various big sites have had over the last few years. You really should consider your password hashes to have been breached, and better hope you haven't used any sites negligent enough to use weak hashing (or no hashing at all, or reversible encryption instead of hashing).

So you need to pick your passphrases under the assumption that they will be suffering an offline attack.

There's a balance point past which the customer exists to serve the service instead of the other way around.  We have already tipped the scales in many areas.-MilesAhead (June 06, 2017, 07:06 AM)
--- End quote ---
Password hygiene has nothing to do with "customer serving the service", but you're right that there's a balance - that balance is between how much effort you put into securing credentials for Site X vs. how much it would hurt if that set of credentials is breached.

For most people, getting Facebook or their primary email account taken over can lead to a lot of hurt.

Using a password manager to have unique, strong passwords per-site really isn't much of a hassle. Adding 2-factor authentication is a minor annoyance, but it's worth doing for "primary" accounts like mail, Facebook, GitHub and the like.
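
An added worked example, not part of any post in this thread, for the points in the post above about alphabet size at a fixed length and about weak hashing under an offline attack. The helper names, the 10-character length and the 100,000-iteration PBKDF2 setting are assumptions chosen for illustration, and the measured rates are for one CPU thread on the machine running the script, not for attacker hardware.

```python
import hashlib
import os
import string
import time

LOWER = string.ascii_lowercase  # 26 symbols
EXTENDED = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

def search_space(alphabet_size: int, length: int) -> int:
    """Number of candidate strings of exactly `length` symbols."""
    return alphabet_size ** length

def equivalent_length(big: int, length: int, small: int) -> int:
    """Shortest length over the `small` alphabet whose search space is at
    least that of `length` symbols drawn from the `big` alphabet."""
    target, n = search_space(big, length), length
    while search_space(small, n) < target:
        n += 1
    return n

def guesses_per_second(hash_fn, rounds: int) -> float:
    """Time `rounds` calls of hash_fn on this machine (single thread)."""
    start = time.perf_counter()
    for i in range(rounds):
        hash_fn(b"candidate-%d" % i)
    return rounds / (time.perf_counter() - start)

def years_to_exhaust(space: int, rate: float) -> float:
    """Years needed to try every candidate at `rate` guesses per second."""
    return space / rate / (365.25 * 24 * 3600)

SALT = os.urandom(16)  # constructed sample salt
def fast_hash(pw): return hashlib.sha1(pw).digest()  # stands in for weak hashing
def slow_hash(pw): return hashlib.pbkdf2_hmac("sha256", pw, SALT, 100_000)

if __name__ == "__main__":
    fast = guesses_per_second(fast_hash, 20_000)
    slow = guesses_per_second(slow_hash, 5)
    for name, size in (("lowercase", len(LOWER)), ("extended", len(EXTENDED))):
        space = search_space(size, 10)
        print(f"{name:9} 10 chars: {space:.2e} candidates, "
              f"{years_to_exhaust(space, fast):.1e} y fast hash, "
              f"{years_to_exhaust(space, slow):.1e} y slow KDF")
    print("lowercase length matching 10 extended chars:",
          equivalent_length(len(EXTENDED), 10, len(LOWER)))
```

The figures only hold for strings chosen uniformly at random, which is what a password manager's generator produces.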

cranioscopical:
If you hear the phrase "for your protection" you know it's going to be shoved sideways.   :D
-MilesAhead (June 06, 2017, 07:02 AM)
--- End quote ---

I use passwords wherever I go; it's the only password I can remember.

MilesAhead:
Password hygiene has nothing to do with "customer serving the service", but you're right that there's a balance - that balance is between how much effort you put into securing credentials for Site X vs. how much it would hurt if that set of credentials is breached.

-f0dder (June 06, 2017, 10:21 AM)
--- End quote ---

I disagree.  By insisting on funky characters that make you shift mode on touch keyboards they can always say you made a typo when entering.  Even if they are the ones who changed what you typed.  It amounts to asking the service provider for permission to use your own account.  Just like you have to ask the bank for permission to access your own money.  It is kind of like the rulers calling themselves "public servants."  Talk about cynicism.  Oh yeah, billionaires just shell out millions of their own $$ to "serve" others.  Right!

wraith808:
Password hygiene has nothing to do with "customer serving the service", but you're right that there's a balance - that balance is between how much effort you put into securing credentials for Site X vs. how much it would hurt if that set of credentials is breached.

-f0dder (June 06, 2017, 10:21 AM)
--- End quote ---

I disagree.  By insisting on funky characters that make you shift mode on touch keyboards they can always say you made a typo when entering.  Even if they are the ones who changed what you typed.  It amounts to asking the service provider for permission to use your own account.  Just like you have to ask the bank for permission to access your own money.  It is kind of like the rulers calling themselves "public servants."  Talk about cynicism.  Oh yeah, billionaires just shell out millions of their own $$ to "serve" others.  Right!

-MilesAhead (June 06, 2017, 11:39 AM)
--- End quote ---

You do have to follow rules to access your own money at banks.  And though it is inconvenient, one would find it more inconvenient if their credentials are breached, and want to hold the institution liable.  This has been a slow progression as more and more sites are breached.  And what is this changed what you typed bit?  I've never had that happen.

f0dder:
I disagree.  By insisting on funky characters that make you shift mode on touch keyboards they can always say you made a typo when entering.  Even if they are the ones who changed what you typed.  It amounts to asking the service provider for permission to use your own account.-MilesAhead (June 06, 2017, 11:39 AM)
--- End quote ---
What on earth are you on about? :huh: :huh: :huh: