Date: Tue, 21 Aug 2012 10:46:15 -0400
From: Rich Rumble <>
Subject: Re: Arstechnica Password article (feat. Matt Weir)

On Tue, Aug 21, 2012 at 10:27 AM, Simon Marechal <> wrote:
> On 21/08/2012 16:17, Samuele Giovanni Tonon wrote:
>> And what about services like "last pass": aren't we just moving our
>> problems to the "simple one" of the relying entirely our security on one
>> single master password? It's kind of scary.
> Most people are already relying their entire security on one single
> master password: that of their main e-mail account. This is because of
> the password recovery options.
True, I personally think you're better off with a wallet/passwordsafe
application that you use a few passwords to help you remember dozens
of others inside of. A user's OpenID password increases its "value"
with each site that is added. Phishing/CSRF/XSS/MitM are all factors
that have affected and still affect such "services". A second factor can be
added to OpenID-like services, SMS challenge or OTP type things, but
you might as well have a unique login and password in a wallet that is
in your control. I don't trust any "cloud" service with anything
really valuable :)
