To login, I just click the username field and select the user ID I wish to use from the dropdown box, hit enter, and it fills in the username and password field. It’s extremely convenient, and requires no installation of anything, save for the bit that generates the passwords. I use passwords that are randomly generated (as much as random generation is possible on a computer) and that are of substantial length. It may take a few guesses to get “BabeRuthjungle” for Amazon, but it would probably be in the first five or so tries. If I look at that password, and I know it’s for Barnes and Noble, bookstore, I’ve got a really good idea of your entire password schema. Your proposal includes an example of “BabeRuthbook” for Barnes and Noble, though, and that’s far from random. If the total password length was 12 characters, generally regarded as a good length for a strong password (I prefer more, but YMMV), the password with “BabeRuth” already known becomes effectively four characters long, which is trivial to brute force even if those four are truly random. If two passwords were compromised, any doubt over the schema is removed. Neither is obfuscating it by replacing the letter O with a zero or using nonstandard capitalization schemes. Using one’s favorite baseball player or other such thing as the password is as old as passwords, and adding stuff on the end is not much different. Making up a password that has only a bit of it that changes is not a new idea.
If I was an attacker and I saw a password that started with something like “BabeRuth,” I would assume that was exactly what it is. If an attacker is able to figure out the formula from a few known passwords to other sites that may be compromised (by a security breach of any of the various sites you use), it gives that attacker the keys to the kingdom. If you create a formula to create passwords, the formula itself effectively becomes the password… not just for one, but for every site you visit. Risk from accidental or malicious file corruption is mitigated by having copies of the backups that can be restored on multiple devices… So, risk to password security from device theft and hardware breakage is mitigated by encryption and having copies on other devices (hope they don’t all get stolen or broken simultaneously). (Master key needs to be handled separately.) So, this means synchronizing the encrypted storage between devices.Īgainst file corruption (both accidental and ransomware) it’d be helpful if the sync tool would automatically also store backups, but this should be possible with any backup tool that can read the files that the encrypted storage consists of. The local storage needs to be encrypted at a minimum, to help against theft and such.
#Splashid safe iphone gibbersih Offline
Stored locally for offline use is a hard requirement for some things (passwords to equipment installed in locations with not ‘net access, etc) and makes it easier to do backups too. Now, there’s more than one way to mitigate these issues…įirst, I prefer to be able to access the stored passwords from multiple devices. I believe that this whole discussion started on the assumption that one’s computer, in final analysis, might not be the safest place to keep one’s passwords. Agree about it being easy to use passwords using a password manager now, about these also being kept in a secure place, well…
0 kommentar(er)
