SIGforum.com Main Page The Lounge Who here use a password manager? Password manager OneLogin hacked.
Main Page The Lounge Who here use a password manager? Password manager OneLogin hacked.Go | New | Find | Notify | Tools | Reply | |
Tinker Sailor Soldier Pie |
I use a little black book. ~Alan Acta Non Verba NRA Life Member (Patron) God, Family, Guns, Country Men will fight and die to protect women... because women protect everything else. ~Andrew Klavan "Once there was only dark. If you ask me, light is winning." ~Rust Cohle | |||
|
| Member |
This article I posted a while back in another thread. The guy who wrote all those passwords rules is now sorry. Good Read here: http://gizmodo.com/the-guy-who...rules-now-1797643987 | |||
|
| Member |
Is this the cover?  | |||
|
Member |
We had this online password manager discussion not so long ago. Where is the person who gave me immense grief and told me storing passwords on the cloud was "safer than keeping it on your computer at home"??? | |||
|
A Grateful American |
His info was hacked, his ID stolen and his life ruined. I think I saw him looking for handouts in a Walmart parking lot. "the meaning of life, is to give life meaning" ✡ Ani Yehudi אני יהודי Le'olam lo shuv לעולם לא שוב! | |||
|
| Member |
Funny. | |||
|
| Oh stewardess, I speak jive.  |
From the article it sounds like neither the App itself nor the type of encryption used in the app were hacked, in fact, but rather the intruder got into the Cloud Server / Data Center - which, apparently, stored the data in an easier to breach manner. I like Password Managers, but I would never, ever, ever, ever store that information anywhere other than under my direct control, no matter whose "cloud"/data center. This breach isn't so much an issue of Password Managers or Encryption, it's shitty gaps in the security of their data center and the practice of saving said data to the Cloud. Which is a world different than "someone hacking a password manager app". Fwiw | |||
|
| Member |
Is this the old "if there are two barbers in a town you go to the one with the bad haircut" kind of thing? | |||
|
Member |
I use Dashlane. Everything stored on Dashlane's servers is encrypted using your Dashlane password. Dashlane does not store your password and Dashlane has no way to decrypt your data even if they want to. Unencrypted passwords are never present on Dashlane's servers. Decryption happens ONLY on your device, not on Dashlane's servers, and new passwords are encrypted on your device before being sent to Dashlane's servers. If someone copied all of Dashlane's user data, all they would have is encrypted garbage. Passwords are only stored on your devices encrypted, too, and you have to enter your Dashlane password (which isn't stored ANYWHERE) to decrypt them. The downside to all this is that if you forget your Dashlane password, you're screwed, there is absolutely no way to recover anything. | |||
|
Member |
I use Lastpass on my computers and phone and like it. As noted previously, the encryption key is not stored on their end, so the data they do store is virtually worthless without it. ----------------------------- Guns are awesome because they shoot solid lead freedom. Every man should have several guns. And several dogs, because a man with a cat is a woman. Kurt Schlichter | |||
|
Member |
I don't knock the technology of symmetric encryption and the supporting cipher management schemas of these products. The stuff is utterly fascinating. The problem is the simple fact that by nature encrypted repositories are high value targets. And the more valuable the target, the higher the cost of risk mitigation. Because these systems are designed, implemented, and managed by humans, sometimes the bad guys win. If you want serious security, you'd probably need some scheme that the military uses to send messages to nuclear submarines. Lover of the US Constitution Wile E. Coyote School of DIY Disaster | |||
|
| Member |
 | |||
|
| Ignored facts still exist |
lastpass user here ---------------------- Let's Go Brandon! | |||
|
Member |
That's pretty good, convincing people to store their passwords online. Donald Trump is not a politician, he is a leader, politicians are a dime a dozen, leaders are priceless. | |||
|
Nullus Anxietas |
This ^^^^^ "America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe "If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher | |||
|
Member |
Yes this THAT thread | |||
|
| Member |
Sharing / storing passwords on the Cloud. What could possibly go wrong? ------------------------------------- Proverbs 27:17 - As iron sharpens iron, so one man sharpens another. | |||
|
Don't Panic |
I'm in the Dashlane camp, too, and for the same reasons. WSJ had a review of password-keepers in May of 2014 , and Dashlane was the best of the bunch at the time. This is from the article (which is three years old - several millenia in tech-years) but it shows the lay of the land as of then:  If you don't care about multiple devices, Dashlane free version does everything the paid one does, except sync across devices (phone, pad, laptop, desktop, etc.) | |||
|
| Member |
Here's a bit more recent review done by PC Magazine. It appears LastPass and Dashlane are the best of the lot. Best Password Managers for 2017 ----------------------------- Guns are awesome because they shoot solid lead freedom. Every man should have several guns. And several dogs, because a man with a cat is a woman. Kurt Schlichter | |||
|
| Nullus Anxietas |
The problem with many of these password managers is they force you to keep a copy of your password store on their servers. Two problems: If they close their doors (as happened with one such password management app): You're screwed. Secondly: Yes, your password store is encrypted, but, because that's explicitly what they're storing it's readily-identifiable as a password store and thus a high-value target. If a bad guy gets a copy of your password store they have all the time in the world to begin attacking it. Even home-brew purpose-built "cracking farms" (multiple computers running multiple graphics cards each--the GPUs of which are very good for this purpose) can brute-force even the strongest encryption in a surprisingly short amount of time. "America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe "If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher | |||
|
| Powered by Social Strata | Page 1 2 3 4 |
 | Please Wait. Your request is being processed... |
|
SIGforum.com Main Page The Lounge Who here use a password manager? Password manager OneLogin hacked.
Main Page The Lounge Who here use a password manager? Password manager OneLogin hacked.© SIGforum 2024