On Mon, 17 Dec 2012 12:17:24 +0100, Kevin Wright <kev.lee.wri...@gmail.com> wrote:

At this point, you're probably being over-paraniod in the wrong direction!

So far as I'm aware, you're at higher risk of having your card cloned from a cardholder-not-present transaction over the phone, or from day-0 exploit
that logs your keyboard/clipboard, or from a remote website being hacked,
or from a cashpoint that's been exploited.

Each risk breach has got its cost. If my card is cloned (it's difficult nowadays, since they are all microchipped) I'd get in any case immediate notification of transactions by means of SMS messaging and I'd block the card. Usually the card company doesn't have problems in refunding the transaction. For the most precious asset, my banking accounts, I have three (since the past years, also to minimize financial risks of banks), and I distribute money among them. If somebody steals one of the passwords, it could drain one of my accounts. If all my passwords are at LastPass and it's breached, the bad guy could access immediately all my accounts (well, only two of them: the third also requires one-time passwords generated by a dongle; this makes LastPass useless for this account).


Can you convince me that it's safer to type in your password each time, or
to copy/paste than it is to allow a dedicated application to autofill web
forms for you?

Having a keyboard sniffer on my Mac sound pretty much as the same risk of having LastPass breached. This means that LastPass doesn't add any further security, still it's one more system to take care of...


So far, the most interesting solution was the one advised by Casper quite a few time ago (the topic was already debated), since I think he made some analysis on the code... but I'm not convinced yet even of it.


--
Fabrizio Giudici - Java Architect @ Tidalwave s.a.s.
"We make Java work. Everywhere."
http://tidalwave.it/fabrizio/blog - fabrizio.giud...@tidalwave.it

--
You received this message because you are subscribed to the Google Groups "Java 
Posse" group.
To post to this group, send email to javaposse@googlegroups.com.
To unsubscribe from this group, send email to 
javaposse+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/javaposse?hl=en.

Reply via email to