On Mon, 17 Dec 2012 09:48:35 +0100, Jan Goyvaerts <java.arti...@gmail.com>
wrote:
I'm using Lastpass <https://lastpass.com/> - it logs in for you,
generates
impossible passwords, has a plugin for many browsers, seems to have
integration with Linux systems too. It has an ios app, but never used
that.
I don't even know the passwords of the sites any more. I just know it's
all
different 20+ characters random crap. I only know the master password.
:-)
It's what I'd like to do - but who guarantees that Lastpass is secure?
That it stores passwords correctly encrypted? That it doesn't leak them in
memory? That it doesn't send them to a server?
Until somebody convinces me of the safety of these tools (*) I keep the
non-critical passwords (e.g. forums) stored in my browser, and the
critical ones (e.g. money-related, etc...) in a plain text file stored in
a USB key encrypted with Truecrypt, that I only mount when needed. This
involves that I don't do anything critical with my Android phone.
(*) Honestly, I think it's very hard to do. It would involve at least:
that the tool is open source, that it has been reviewed by some experts
and that I can install the application from a build I do by myself.
--
Fabrizio Giudici - Java Architect @ Tidalwave s.a.s.
"We make Java work. Everywhere."
http://tidalwave.it/fabrizio/blog - fabrizio.giud...@tidalwave.it
--
You received this message because you are subscribed to the Google Groups "Java
Posse" group.
To post to this group, send email to javaposse@googlegroups.com.
To unsubscribe from this group, send email to
javaposse+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/javaposse?hl=en.
