04-18-2013, 06:31 PM | #31 |
Wizard
Posts: 2,230
Karma: 7145404
Join Date: Nov 2007
Location: Southern California
Device: Kindle Voyage & iPhone 7+
|
If someone physically gets hold of your laptop (or other PC) it is generally still game-over for us. They can, for example, install a key-logger and learn your Keepass and Dropbox passwords the next time you enter them.
There are countermeasures but they are awkward and most people don't use them. I use Encrypt Stick on a USB memory stick. If I am using a public PC I can engage a scrambled keyboard to enter my password -- every mouse click on an on-screen keyboard (internally encrypted) scrambles the key layout for the next click. Slow and annoying but 100% defeats key-loggers. However, if someone has a camera looking over my shoulder I can still lose.
04-18-2013, 06:39 PM | #32 | |
Grand Sorcerer
Posts: 6,111
Karma: 34000001
Join Date: Mar 2008
Device: KPW1, KA1
|
Quote:
- The thief would need to steal the notebook (or get in front of it at least).
- Have the luck that I forgot to pull out the USB-stick with the key file.
- Remove the password, install the keylogger.
- Do all of it without me knowing.
- Hope that I'll activate KeePass before I ever need the Admin password.

It can be done, but it's unlikely. The chance of somebody getting a hold of the database, the keyfile AND the password all at once is small. If something happens which makes me not trust my system, I would at once install a known clean image.
|
04-19-2013, 06:49 AM | #33 | |
Guru
Posts: 895
Karma: 4383958
Join Date: Nov 2007
Device: na
|
Quote:
Nothing is foolproof though. Everyone has to weigh up the convenience they want against the security they lose. However, anyone who is storing passwords in the clear on either a mobile or their computer should switch to a password safe _today_. Because you will lose nothing in convenience and gain much in security.

For those using password safes, it's just a matter of how much security you want; you're going to lose some convenience the tighter you make things. Again, not foolproof, hacks/trojans/keyloggers could compromise the lot.

But then you can go one step further as I have: only use a password safe on an old piece of hardware which is never (almost never) used online and has networking disabled. Old mobile (smart) phones are ideal for this but old laptops work too if portability isn't a concern. The phones also double for running authentication tokens like Google Authenticator.

There's a security trade-off with the offline safe though: a backup is needed, so at some point you have to enable the network and copy the DB somewhere else. However, that window of opportunity is tiny and, with trojans/keyloggers the biggest fear, unlikely to ever be an issue.

Where you back up the DB is again another possible security trade-off, but as long as the pass safe is a good one it matters a little less where you store this; even if it's on your main computer that gets hacked, the DB should remain secure as you'll never need to open it on that computer. I wouldn't feel comfortable storing the DB backup in the cloud as others are, but again, it's a convenience/security trade-off and really the DB should be safe if the encryption was suitably implemented.

There are even more secure steps you can take at the expense of convenience, but for me this is good enough.

BTW Katsunami: You may already be aware of this, but there's an option in the Windows version of KeePass 2 to require UAC be used for master password entry. This will block many key loggers from being able to grab your password as you enter it. The only thing it won't stop is a heavily rooted system, but then little can.

Last edited by JoeD; 04-19-2013 at 07:22 AM.
|
04-23-2013, 08:24 AM | #34 |
Wizard
Posts: 1,674
Karma: 3111989
Join Date: Dec 2010
Location: Jianghu
Device: PW1, PW5, iPhone SE 2016, iPhone 13 Pro, iPad Pro 9.7, iPad Pro 2021
|
Thanks again for all the great suggestions and things to think (and be anxious) about. I've been using LastPass and it's working out very well so far, so extra thanks to those of you who recommended it.
|
04-23-2013, 10:13 AM | #35 | |
Grand Sorcerer
Posts: 6,111
Karma: 34000001
Join Date: Mar 2008
Device: KPW1, KA1
|
Quote:
|
|
04-26-2013, 03:06 AM | #36 |
Wizard
Posts: 1,841
Karma: 9547754
Join Date: Jul 2009
Location: Newcastle, Australia
Device: iPhone SE2020
|
I just never adapted to 1Password. I have copies of it for iOS and my Mac, and never use them, choosing instead to use "Wallet" by Acrylic Software. Like 1Password it can and does have its database stored in my Dropbox folder, so is accessible wherever I need it.
I'm innately suspicious of storing passwords on a third party site, or in the browser. |
04-26-2013, 11:24 AM | #37 | |
Bemused by possibilities
Posts: 58
Karma: 480244
Join Date: Jul 2012
Device: iPad3, Kobo
|
Quote:
|
|
04-26-2013, 07:34 PM | #38 |
Enthusiast
Posts: 27
Karma: 74200
Join Date: Oct 2011
Device: none
|
KeePass http://www.keepass.info
I have yet to see anything as good as this, and the remarkable thing is it's free. I can take it with me everywhere, and there are compatible KeePass programs (made by third-parties) that can open KeePass databases on phones (see the site for links), so you're never without your passwords. I still use version 1.x of KeePass for the PC since nearly all third-party KeePass programs are compatible with version 1 KeePass databases. The phrase 'must-have' is used too loosely these days, but for me this is what defines it. Too many features to list, some of which only became evident with long-term use. I cannot live without it. And your passwords are not stored on some third-party server 'managing them' for you.
|