|
Title: How safe are Password Management Programs? Post by: Moebius327 on June 08, 2013, 10:13:28 AM Wondering how safe are programs like:
- LastPass (https://lastpass.com/index.php?fromwebsite=1) - KeePass (http://keepass.info) - 1Password (https://agilebits.com/onepassword) ... etc. I mean they offer Form Fillers, Generation of Strong passwords and so on. Is the risk from key loggers lower/non existent? Is the only security risk brute forcing password-archive encryption? Title: Re: How safe are Password Management Programs? Post by: escrow.ms on June 08, 2013, 10:15:47 AM Wondering how safe are programs like: - LastPass (https://lastpass.com/index.php?fromwebsite=1) - KeePass (http://keepass.info) - 1Password (https://agilebits.com/onepassword) ... etc. I mean they offer Form Fillers, Generation of Strong passwords and so on. Is the risk from key loggers lower/not existent? Is the only security risk brute forcing password-archive encryption? They are safe than browser's inbuilt password storage,but not 100% secure, formgrabber still can steal password. Title: Re: How safe are Password Management Programs? Post by: Moebius327 on June 08, 2013, 10:20:00 AM Wondering how safe are programs like: - LastPass (https://lastpass.com/index.php?fromwebsite=1) - KeePass (http://keepass.info) - 1Password (https://agilebits.com/onepassword) ... etc. I mean they offer Form Fillers, Generation of Strong passwords and so on. Is the risk from key loggers lower/not existent? Is the only security risk brute forcing password-archive encryption? They are safe than browser's inbuilt password storage,but not 100% secure, formgrabber still can steal password. What is more widely spread formgrabbing or keylogging? Title: Re: How safe are Password Management Programs? Post by: tutkarz on June 08, 2013, 10:25:42 AM good thing about these programs is that you can create really long and complicated passwords which makes brute force really hard or even impossible to do. not to mention keyloggers have harder time to gather data if you use special options these programs provide. you can store many passwords in one place and then print them all on paper easy.
of course i would use only open source versions :) Title: Re: How safe are Password Management Programs? Post by: pekv2 on June 08, 2013, 11:42:55 AM Form grabber and keylogger is pointless when you have lastpass grid or google authentication enabled on your lastpass account.
Say like, even if your pw is snatched, and lastpass grid is enabled, there is no way for them to get into you LP account unless they print off your grid from your house or screen capture the grid the first time you use it. You can have grid to be used on "your" pc once or all the time "recommend once". You can set remember this computer etc. By far this is one of the badass option lastpass has. https://helpdesk.lastpass.com/security-options/multifactor-authentication-options/grid-multifactor-authentication/ I highly recommend lastpass with a strong masterpassword. Also, check out my stay safe link in my sig. Title: Re: How safe are Password Management Programs? Post by: prezbo on June 08, 2013, 12:10:37 PM Am I the only one who finds it interesting people trying to be security-conscious but trust a closed-source software of a for-profit company to keep all their passwords? I wouldn't even touch lastpass with a stick.
Title: Re: How safe are Password Management Programs? Post by: r3wt on June 08, 2013, 12:12:46 PM well if passwords were your hands, it would be about as safe as sticking your hand into a running garbage disposal
Title: Re: How safe are Password Management Programs? Post by: pekv2 on June 08, 2013, 12:59:56 PM Am I the only one who finds it interesting people trying to be security-conscious but trust a closed-source software of a for-profit company to keep all their passwords? I wouldn't even touch lastpass with a stick. The addon is open source :) . https://en.wikipedia.org/wiki/LastPass_Password_Manager#Source_code Title: Re: How safe are Password Management Programs? Post by: grue on June 08, 2013, 02:38:32 PM keepass has "two channel obfuscation", which attempts to screw up keyloggers/clipboard monitors. however, with all password managers, a virus can (at the very least) hijack the subroutine that accepts the password at the target program. it's certainly safer than nothing, but it's not guaranteed security.
|