SIGforum
Who here uses a password manager? Password manager OneLogin hacked.

This topic can be found at:
https://sigforum.com/eve/forums/a/tpc/f/320601935/m/8230031524

August 30, 2017, 07:47 PM
Balzé Halzé
quote:
Originally posted by Lord Vaalic:
I use a piece of paper...

It will never be hacked


I use a little black book.


~Alan

Acta Non Verba
NRA Life Member (Patron)
God, Family, Guns, Country

Men will fight and die to protect women... because women protect everything else. ~Andrew Klavan

August 30, 2017, 07:49 PM
ZSMICHAEL
This article I posted a while back in another thread. The guy who wrote all those password rules is now sorry. Good read here:

http://gizmodo.com/the-guy-who...rules-now-1797643987
August 30, 2017, 07:58 PM
ZSMICHAEL
quote:
I use a little black book


Is this the cover?


August 30, 2017, 08:09 PM
Rinehart
We had this online password manager discussion not so long ago.

Where is the person who gave me immense grief and told me storing passwords on the cloud was "safer than keeping it on your computer at home"???
August 30, 2017, 08:21 PM
sigmonkey
His info was hacked, his ID stolen and his life ruined. I think I saw him looking for handouts in a Walmart parking lot.




"the meaning of life, is to give life meaning" Ani Yehudi אני יהודי Le'olam lo shuv לעולם לא שוב!
August 30, 2017, 08:27 PM
Rinehart
Funny.
August 30, 2017, 08:27 PM
46and2
From the article it sounds like neither the App itself nor the type of encryption used in the app were hacked, in fact, but rather the intruder got into the Cloud Server / Data Center - which, apparently, stored the data in an easier to breach manner.

I like Password Managers, but I would never, ever, ever, ever store that information anywhere other than under my direct control, no matter whose "cloud"/data center.

This breach isn't so much an issue of Password Managers or Encryption, it's shitty gaps in the security of their data center and the practice of saving said data to the Cloud.

Which is a world different than "someone hacking a password manager app".

Fwiw
August 30, 2017, 08:30 PM
Rinehart
Is this the old "if there are two barbers in a town you go to the one with the bad haircut" kind of thing?
August 30, 2017, 08:48 PM
maladat
I use Dashlane.

Everything stored on Dashlane's servers is encrypted using your Dashlane password. Dashlane does not store your password and Dashlane has no way to decrypt your data even if they want to. Unencrypted passwords are never present on Dashlane's servers. Decryption happens ONLY on your device, not on Dashlane's servers, and new passwords are encrypted on your device before being sent to Dashlane's servers. If someone copied all of Dashlane's user data, all they would have is encrypted garbage.

Passwords are only stored on your devices encrypted, too, and you have to enter your Dashlane password (which isn't stored ANYWHERE) to decrypt them.

The downside to all this is that if you forget your Dashlane password, you're screwed, there is absolutely no way to recover anything.
August 30, 2017, 08:50 PM
bigdeal
I use Lastpass on my computers and phone and like it. As noted previously, the encryption key is not stored on their end, so the data they do store is virtually worthless without it.


-----------------------------
Guns are awesome because they shoot solid lead freedom. Every man should have several guns. And several dogs, because a man with a cat is a woman. Kurt Schlichter
August 30, 2017, 09:14 PM
wrightd
I don't knock the technology of symmetric encryption and the supporting cipher management schemas of these products. The stuff is utterly fascinating. The problem is the simple fact that by nature encrypted repositories are high value targets. And the more valuable the target, the higher the cost of risk mitigation. Because these systems are designed, implemented, and managed by humans, sometimes the bad guys win. If you want serious security, you'd probably need some scheme that the military uses to send messages to nuclear submarines.




Lover of the US Constitution
Wile E. Coyote School of DIY Disaster
August 30, 2017, 09:16 PM
Rinehart

August 30, 2017, 09:18 PM
radioman
lastpass user here


.
August 30, 2017, 09:37 PM
2012BOSS302
That's pretty good, convincing people to store their passwords online.




Donald Trump is not a politician, he is a leader, politicians are a dime a dozen, leaders are priceless.
August 30, 2017, 10:03 PM
ensigmatic
quote:
Originally posted by Rinehart:

This ^^^^^



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
August 31, 2017, 05:14 AM
downtownv
quote:
Originally posted by Rinehart:
We had this online password manager discussion not so long ago.

Where is the person who gave me immense grief and told me storing passwords on the cloud was "safer than keeping it on your computer at home"???


Yes this THAT thread




_________________________
https://www.facebook.com/reel/2177215486049695
August 31, 2017, 09:39 AM
Sig209
Sharing / storing passwords on the Cloud.

What could possibly go wrong?

-------------------------------------


Proverbs 27:17 - As iron sharpens iron, so one man sharpens another.
August 31, 2017, 10:56 AM
joel9507
quote:
Originally posted by maladat:
I use Dashlane.

Everything stored on Dashlane's servers is encrypted using your Dashlane password. Dashlane does not store your password and Dashlane has no way to decrypt your data even if they want to. Unencrypted passwords are never present on Dashlane's servers. Decryption happens ONLY on your device, not on Dashlane's servers, and new passwords are encrypted on your device before being sent to Dashlane's servers. If someone copied all of Dashlane's user data, all they would have is encrypted garbage.

Passwords are only stored on your devices encrypted, too, and you have to enter your Dashlane password (which isn't stored ANYWHERE) to decrypt them.

The downside to all this is that if you forget your Dashlane password, you're screwed, there is absolutely no way to recover anything.

I'm in the Dashlane camp, too, and for the same reasons. WSJ had a review of password-keepers in May of 2014, and Dashlane was the best of the bunch at the time. This is from the article (which is three years old - several millennia in tech-years) but it shows the lay of the land as of then:



If you don't care about multiple devices, Dashlane free version does everything the paid one does, except sync across devices (phone, pad, laptop, desktop, etc.)
August 31, 2017, 11:21 AM
bigdeal
quote:
Originally posted by joel9507:
I'm in the Dashlane camp, too, and for the same reasons. WSJ had a review of password-keepers in May of 2014, and Dashlane was the best of the bunch at the time. This is from the article (which is three years old - several millennia in tech-years) but it shows the lay of the land as of then:

Here's a bit more recent review done by PC Magazine. It appears LastPass and Dashlane are the best of the lot. Best Password Managers for 2017


-----------------------------
Guns are awesome because they shoot solid lead freedom. Every man should have several guns. And several dogs, because a man with a cat is a woman. Kurt Schlichter
August 31, 2017, 11:26 AM
ensigmatic
The problem with many of these password managers is they force you to keep a copy of your password store on their servers. Two problems: If they close their doors (as happened with one such password management app): You're screwed. Secondly: Yes, your password store is encrypted, but, because that's explicitly what they're storing, it's readily identifiable as a password store and thus a high-value target.

If a bad guy gets a copy of your password store they have all the time in the world to begin attacking it. Even home-brew purpose-built "cracking farms" (multiple computers running multiple graphics cards each--the GPUs of which are very good for this purpose) can brute-force even the strongest encryption in a surprisingly short amount of time.



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher