At this point, you're probably being over-paraniod in the wrong direction! So far as I'm aware, you're at higher risk of having your card cloned from a cardholder-not-present transaction over the phone, or from day-0 exploit that logs your keyboard/clipboard, or from a remote website being hacked, or from a cashpoint that's been exploited.
Can you convince me that it's safer to type in your password each time, or to copy/paste than it is to allow a dedicated application to autofill web forms for you? On 17 December 2012 10:55, Fabrizio Giudici <fabrizio.giud...@tidalwave.it>wrote: > On Mon, 17 Dec 2012 09:48:35 +0100, Jan Goyvaerts <java.arti...@gmail.com> > wrote: > > I'm using Lastpass <https://lastpass.com/> - it logs in for you, >> generates >> >> impossible passwords, has a plugin for many browsers, seems to have >> integration with Linux systems too. It has an ios app, but never used >> that. >> >> I don't even know the passwords of the sites any more. I just know it's >> all >> different 20+ characters random crap. I only know the master password. :-) >> > > It's what I'd like to do - but who guarantees that Lastpass is secure? > That it stores passwords correctly encrypted? That it doesn't leak them in > memory? That it doesn't send them to a server? > > Until somebody convinces me of the safety of these tools (*) I keep the > non-critical passwords (e.g. forums) stored in my browser, and the critical > ones (e.g. money-related, etc...) in a plain text file stored in a USB key > encrypted with Truecrypt, that I only mount when needed. This involves that > I don't do anything critical with my Android phone. > > > (*) Honestly, I think it's very hard to do. It would involve at least: > that the tool is open source, that it has been reviewed by some experts and > that I can install the application from a build I do by myself. > > -- You received this message because you are subscribed to the Google Groups "Java Posse" group. To post to this group, send email to javaposse@googlegroups.com. To unsubscribe from this group, send email to javaposse+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/javaposse?hl=en.
