Date: Tue, 21 Aug 2012 10:46:15 -0400 From: Rich Rumble <richrumble@...il.com> To: john-users@...ts.openwall.com Subject: Re: Arstechnica Password article (feat. Matt Weir) On Tue, Aug 21, 2012 at 10:27 AM, Simon Marechal <bartavelle@...il.com> wrote: > On 21/08/2012 16:17, Samuele Giovanni Tonon wrote: >> And what about services like "last pass": aren't we just moving our >> problems to the "simple one" of the relying entirely our security on one >> single master password ? it's kind scary . > > Most people are already relying their entire security on one single > master password : that of their main e-mail account. This is because of > the password recovery options. True, I personally think you're better off with a wallet/passwordsafe application that you use a few passwords to help you remember dozens of others inside of. A users OpenID password increases it's "value" with each site that is added. Phishing/CSRF/XSS/MitM are all factors that have and still affect such "services". A second factor can be added to OpenID like services, sms challenge or OTP type things, but you might as well have a unique login and password in a wallet that is in your control. I don't trust any "cloud" service with anything really valuable :) -rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.