Comments on: SlashGear 101: Basic Password Security

By: Phil Blake

Phil Blake — Fri, 20 Jan 2012 19:18:00 +0000

I personally use RoboForm by Siber Systems to store and manage all of my passwords. Everything is encrypted and I have never had an issue with security. Very easy to use and the tech support staff is extremely helpful. Definitely recommended to anyone.

By: John Bottomley

John Bottomley — Tue, 17 Jan 2012 09:41:00 +0000

my question, how is using one password to get into last pass any different from using one password for all your sites? why not just use a password with very large keyspace. I use four unrelated seemingly random words that my memory triggers from an old in joke from school. knowing…. http://xkcd.com/936/ http://en.wikipedia.org/wiki/Key_space_%28cryptography%29 for those who are interested.

By: Anonymous

Anonymous — Mon, 16 Jan 2012 20:51:00 +0000

She doesn’t really need to, it just pops up whenever you enter a new password and asks if you want to save it and if you want auto-login and stuff. Very simple program lol

By: Anonymous

Anonymous — Mon, 16 Jan 2012 20:42:00 +0000

Exactly. Every site that has ANY sensitive information stored should have this. Something like Google, or like Chase Bank has, that sends me a mobile PIN whenever I login.

By: Anonymous

Anonymous — Mon, 16 Jan 2012 20:42:00 +0000

Exactly. Every site that has ANY sensitive information stored should have this. Something like Google, or like Chase Bank has, that sends me a mobile PIN whenever I login.

By: Anonymous

Anonymous — Mon, 16 Jan 2012 20:41:00 +0000

I use LastPass, it is amazing. I can use passwords like J&0Fj$%(kf#$( and not forget them. And I know for a fact that LastPass encrypts all of their information, AND doesn’t store your information on their servers, so a hack on them won’t compromise anything. AND it’s free lol although I have paid because it is very much worth it.

*P.s. I am in no way related to LastPass or anything, just realized my praise sounds like an ad lol

By: Anonymous

Anonymous — Mon, 16 Jan 2012 20:39:00 +0000

This is a good example as to why “secure” sites should all include 2-step (or more) verification like Banks and stuff do. Not only ask for the password, but also verify that you are who you say you are by sending you a PIN number, or asking other information like verifying a personal image, or questions, etc. I would rather keep the same password, as the ones I use (2 of em) are completely random, and it would be easier to remember 2 instead of 20+, and just have a second verification step.

By: Anonymous

Anonymous — Mon, 16 Jan 2012 20:39:00 +0000

By: Flyfish

Flyfish — Mon, 16 Jan 2012 20:10:00 +0000

Maybe your Grandmother should have you help her? Or stay off e-commerce sites?

Keepass is uber easy to use although nothing is good enough for the technologically challenged (as any help desk person knows)

By: Flyfish

Flyfish — Mon, 16 Jan 2012 20:10:00 +0000

Maybe your Grandmother should have you help her? Or stay off e-commerce sites?

Keepass is uber easy to use although nothing is good enough for the technologically challenged (as any help desk person knows)

By: donald sinatra

donald sinatra — Mon, 16 Jan 2012 19:51:00 +0000

I am reminded of an article I read last year about how you should never use cryptic long passwords that you will never remember so you end up writing them down. Best to keep in in your head they say. Something that you can remember like whole words mixed with characters and numbers.
But how have your guys’ experiences been with LastPass, 1Password and KeePass been? Which ones are the best? Are there any others or are there any other suggestions of keeping several passwords?

By: donald sinatra

donald sinatra — Mon, 16 Jan 2012 19:51:00 +0000

By: Chris Burns

Chris Burns — Mon, 16 Jan 2012 19:31:00 +0000

Well then everyone should use it! But my grandmother wouldn’t be able to figure it out, you know?

By: Chris Burns

Chris Burns — Mon, 16 Jan 2012 19:31:00 +0000

Well then everyone should use it! But my grandmother wouldn’t be able to figure it out, you know?

By: Anonymous

Anonymous — Mon, 16 Jan 2012 18:52:00 +0000

Google is way ahead – with 2-factor authentication. Hard to believe e-commerce sites do not have that.

By: Anonymous

Anonymous — Mon, 16 Jan 2012 18:52:00 +0000

Google is way ahead – with 2-factor authentication. Hard to believe e-commerce sites do not have that.

By: Anonymous

Anonymous — Mon, 16 Jan 2012 18:46:00 +0000

Not with an iPhone. Its password protected (option). And even if they did hack it. I could wipe all the data off the phone from my computer.

By: Anonymous

Anonymous — Mon, 16 Jan 2012 18:46:00 +0000

Not with an iPhone. Its password protected (option). And even if they did hack it. I could wipe all the data off the phone from my computer.

By: John Michael Law

John Michael Law — Mon, 16 Jan 2012 18:22:00 +0000

Bad idea. Then any one site that stores it’s password in clear text can check what e-mail address you signed up with, log into your e-mail by using whatchamacallit246gmail, check your e-mail for all the other services you use, and everything you use is now owned.

By: John Michael Law

John Michael Law — Mon, 16 Jan 2012 18:22:00 +0000

By: the man on the street

the man on the street — Mon, 16 Jan 2012 18:16:00 +0000

Unless, of course, it’s like my shitty bank, and your password MUST be exactly 6 letters, one of which uppercase, plus two digits.

Security would be using passphrases instead of fixed-size passwords, plus phrases are easier to remember for the users.

But the problem isn’t really that users re-use passwords, it’s that sites a) don’t securely encrypt their users passwords, and b) don’t patch security holes.

By: the man on the street

the man on the street — Mon, 16 Jan 2012 18:16:00 +0000

Unless, of course, it’s like my shitty bank, and your password MUST be exactly 6 letters, one of which uppercase, plus two digits.

Security would be using passphrases instead of fixed-size passwords, plus phrases are easier to remember for the users.

But the problem isn’t really that users re-use passwords, it’s that sites a) don’t securely encrypt their users passwords, and b) don’t patch security holes.

By: SimonS

SimonS — Mon, 16 Jan 2012 18:14:00 +0000

RTFA. the passwords stolen *were* encrypted.

By: Keeeee

Keeeee — Mon, 16 Jan 2012 18:12:00 +0000

“and KeePass is your open-source free alternative, if you know how to make it work, that is.”

I think KeePass is pretty easy to use.

By: Keeeee

Keeeee — Mon, 16 Jan 2012 18:12:00 +0000

“and KeePass is your open-source free alternative, if you know how to make it work, that is.”

I think KeePass is pretty easy to use.

By: Roustem Karimov

Roustem Karimov — Mon, 16 Jan 2012 18:03:00 +0000

There are really just a few options:

1. Rely on your memory and use the same few passwords everywhere. If one of the websites is hacked then all your information is compromised. It is completely out of your control.
2. Use a password manager. The passwords stored in the software are always encrypted. Make sure you use a strong master password and your information will be protected at all times. You have full control.

3. Use a combination of 1 and 2. Use the password manager for most websites. For most important services use a strong password that you can remember (or write it down and store it in the safe).

By: Guest

Guest — Mon, 16 Jan 2012 17:59:00 +0000

Lose your phone or have it stolen from home and the app gives the thief a possible spending spree. Genius.

By: Guest

Guest — Mon, 16 Jan 2012 17:59:00 +0000

Lose your phone or have it stolen from home and the app gives the thief a possible spending spree. Genius.

By: Anonymous

Anonymous — Mon, 16 Jan 2012 17:56:00 +0000

Or you can have one _secure_ password (with non-dictionary word/name and numbers) AND append it with the name that relates to the site you have it on.

Example: for slashgear you can use “whatchamacallit246gear”. For ebay, “whatchamacallit246bid”.. And so on.. Same password, and yet different enough.

By: Alton Perak

Alton Perak — Mon, 16 Jan 2012 17:52:00 +0000

1Password!

By: Alton Perak

Alton Perak — Mon, 16 Jan 2012 17:52:00 +0000

1Password!

By: Charles Chou

Charles Chou — Mon, 16 Jan 2012 17:52:00 +0000

Any website that stores users’ passwords in plain text should be shot on site. A good security practice for websites is to store only the encrypted form of a password that cannot be reverse engineered. If you lose your password the only way to regain access is to reset it. To test out if a website uses this practice simply click on the lost password link and see what it does. If it sends you a password in email, the site should not used for serious business. If you do need to do transactions, make it a one time deal, use a throw-away password and select another vendor. Of course any website that ask for password without a secured link, i.e., https, should be avoid altogether.

By: Charles Chou

Charles Chou — Mon, 16 Jan 2012 17:52:00 +0000

By: ayzlwewe

ayzlwewe — Mon, 16 Jan 2012 17:50:00 +0000

you can have different instances of keepass which can be encrypted with different passwords. In my opinion its better to follow an algorithm for your passwords where you use a combination of a keyword and some characters from maybe the site address. For someone to figure out the pw to more than one of your accounts they would have to crack your algorithm first. Another idea is instead of using the same email address use something guerrilla mail which creates a temporary email account for one off registrations on obscure sites.

By: ayzlwewe

ayzlwewe — Mon, 16 Jan 2012 17:50:00 +0000

By: Andy

Andy — Mon, 16 Jan 2012 17:46:00 +0000

U seem to not understand how those services work, all the password data are encrypted with your personal master password that u only have locally. Those firms cant access or restore your passwords. This works like data can be posted encrypted on paste-bin, but without your password its useless. Also the idea is that this local master password never leaves your local machine since u can now use different end extreme strong passwords for all online accounts.

By: Andy

Andy — Mon, 16 Jan 2012 17:46:00 +0000

By: Acu_j

Acu_j — Mon, 16 Jan 2012 17:41:00 +0000

So store all of your passwords in one software that can be hacked. Nice.

By: Acu_j

Acu_j — Mon, 16 Jan 2012 17:41:00 +0000

So store all of your passwords in one software that can be hacked. Nice.

By: Chris Burns

Chris Burns — Mon, 16 Jan 2012 17:39:00 +0000

Well then thank YOU!