Re: [The Java Posse] Re: Keeping Track of Multiple Passwords

Mon, 17 Dec 2012 03:37:24 -0800

On Mon, 17 Dec 2012 12:17:24 +0100, Kevin Wright <kev.lee.wri...@gmail.com> wrote:
At this point, you're probably being over-paraniod in the wrong direction! 


So far as I'm aware, you're at higher risk of having your card cloned  
from
a cardholder-not-present transaction over the phone, or from day-0  
exploit

that logs your keyboard/clipboard, or from a remote website being hacked,
or from a cashpoint that's been exploited.



Each risk breach has got its cost. If my card is cloned (it's difficult  
nowadays, since they are all microchipped) I'd get in any case immediate  
notification of transactions by means of SMS messaging and I'd block the  
card. Usually the card company doesn't have problems in refunding the  
transaction. For the most precious asset, my banking accounts, I have  
three (since the past years, also to minimize financial risks of banks),  
and I distribute money among them. If somebody steals one of the  
passwords, it could drain one of my accounts. If all my passwords are at  
LastPass and it's breached, the bad guy could access immediately all my  
accounts (well, only two of them: the third also requires one-time  
passwords generated by a dongle; this makes LastPass useless for this  
account).





Can you convince me that it's safer to type in your password each time,  
or

to copy/paste than it is to allow a dedicated application to autofill web
forms for you?



Having a keyboard sniffer on my Mac sound pretty much as the same risk of  
having LastPass breached. This means that LastPass doesn't add any further  
security, still it's one more system to take care of...




So far, the most interesting solution was the one advised by Casper quite  
a few time ago (the topic was already debated), since I think he made some  
analysis on the code... but I'm not convinced yet even of it.



--
Fabrizio Giudici - Java Architect @ Tidalwave s.a.s.
"We make Java work. Everywhere."
http://tidalwave.it/fabrizio/blog - fabrizio.giud...@tidalwave.it

--
You received this message because you are subscribed to the Google Groups "Java 
Posse" group.
To post to this group, send email to javaposse@googlegroups.com.
To unsubscribe from this group, send email to 
javaposse+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/javaposse?hl=en.























					Reply via email to