> And even > then be really worried that, though your password software and how you > use it might be really, really excellent, if someone has spyware on your > machine that targets your password software, you are *so* screwed. > > This stuff is terrifying.
Less so if one uses two-step verification. I could type my username and password for GMail and lastpass right here and you would not be able to get in. The reason: you don't have my Yubikey. Most banks and credit card companies use people's cell phones as a 2SV. The cell phone is not as good as a Yubikey, but the second step means your money is not immediately gone due to spyware. Spyware folks do not also steal millions of cell phones. On Wed, May 6, 2020 at 8:44 PM Kent Borg <[email protected]> wrote: > On 5/6/20 8:37 PM, Kent Borg wrote: > > Choose and deploy password in such a way that you can survive many bugs. > > ...password software in such a way... > > -kb > > > _______________________________________________ > Discuss mailing list > [email protected] > http://lists.blu.org/mailman/listinfo/discuss > _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
