Bitcoin Forum
November 19, 2024, 02:39:49 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: How safe are Password Management Programs?  (Read 1136 times)
Moebius327 (OP)
Hero Member
*****
Offline Offline

Activity: 770
Merit: 500



View Profile
June 08, 2013, 10:13:28 AM
 #1

Wondering how safe are programs like:

- LastPass (https://lastpass.com/index.php?fromwebsite=1)
- KeePass (http://keepass.info)
- 1Password (https://agilebits.com/onepassword)
...
etc.

I mean they offer Form Fillers, Generation of Strong passwords and so on. Is the risk from key loggers lower/non existent?

Is the only security risk brute forcing password-archive encryption?
escrow.ms
Legendary
*
Offline Offline

Activity: 1274
Merit: 1004


View Profile
June 08, 2013, 10:15:47 AM
 #2

Wondering how safe are programs like:

- LastPass (https://lastpass.com/index.php?fromwebsite=1)
- KeePass (http://keepass.info)
- 1Password (https://agilebits.com/onepassword)
...
etc.

I mean they offer Form Fillers, Generation of Strong passwords and so on. Is the risk from key loggers lower/not existent?

Is the only security risk brute forcing password-archive encryption?

They are safe than browser's inbuilt password storage,but not 100% secure, formgrabber still can steal password.
Moebius327 (OP)
Hero Member
*****
Offline Offline

Activity: 770
Merit: 500



View Profile
June 08, 2013, 10:20:00 AM
 #3

Wondering how safe are programs like:

- LastPass (https://lastpass.com/index.php?fromwebsite=1)
- KeePass (http://keepass.info)
- 1Password (https://agilebits.com/onepassword)
...
etc.

I mean they offer Form Fillers, Generation of Strong passwords and so on. Is the risk from key loggers lower/not existent?

Is the only security risk brute forcing password-archive encryption?

They are safe than browser's inbuilt password storage,but not 100% secure, formgrabber still can steal password.

What is more widely spread formgrabbing or keylogging?
tutkarz
Hero Member
*****
Offline Offline

Activity: 546
Merit: 501


View Profile
June 08, 2013, 10:25:42 AM
 #4

good thing about these programs is that you can create really long and complicated passwords which makes brute force really hard or even impossible to do. not to mention keyloggers have harder time to gather data if you use special options these programs provide. you can store many passwords in one place and then print them all on paper easy.
of course i would use only open source versions Smiley

pekv2
Hero Member
*****
Offline Offline

Activity: 770
Merit: 502



View Profile
June 08, 2013, 11:42:55 AM
 #5

Form grabber and keylogger is pointless when you have lastpass grid or google authentication enabled on your lastpass account.

Say like, even if your pw is snatched, and lastpass grid is enabled, there is no way for them to get into you LP account unless they print off your grid from your house or screen capture the grid the first time you use it. You can have grid to be used on "your" pc once or all the time "recommend once". You can set remember this computer etc.

By far this is one of the badass option lastpass has.

 https://helpdesk.lastpass.com/security-options/multifactor-authentication-options/grid-multifactor-authentication/

I highly recommend lastpass with a strong masterpassword.

Also, check out my stay safe link in my sig.
prezbo
Sr. Member
****
Offline Offline

Activity: 430
Merit: 250


View Profile
June 08, 2013, 12:10:37 PM
 #6

Am I the only one who finds it interesting people trying to be security-conscious but trust a closed-source software of a for-profit company to keep all their passwords? I wouldn't even touch lastpass with a stick.
r3wt
Hero Member
*****
Offline Offline

Activity: 686
Merit: 504


always the student, never the master.


View Profile
June 08, 2013, 12:12:46 PM
 #7

well if passwords were your hands, it would be about as safe as sticking your hand into a running garbage disposal

My negative trust rating is reflective of a personal vendetta by someone on default trust.
pekv2
Hero Member
*****
Offline Offline

Activity: 770
Merit: 502



View Profile
June 08, 2013, 12:59:56 PM
 #8

Am I the only one who finds it interesting people trying to be security-conscious but trust a closed-source software of a for-profit company to keep all their passwords? I wouldn't even touch lastpass with a stick.

The addon is open source Smiley .

https://en.wikipedia.org/wiki/LastPass_Password_Manager#Source_code
grue
Legendary
*
Offline Offline

Activity: 2058
Merit: 1452



View Profile
June 08, 2013, 02:38:32 PM
 #9

keepass has "two channel obfuscation", which attempts to screw up keyloggers/clipboard monitors. however, with all password managers, a virus can (at the very least) hijack the subroutine that accepts the password at the target program. it's certainly safer than nothing, but it's not guaranteed security.

It is pitch black. You are likely to be eaten by a grue.

Adblock for annoying signature ads | Enhanced Merit UI
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!