  1. #21
    Keosen
    Originally Posted by kiingy:
    Not quite, strength of an authenticator comes from the fact it's never connected to any other device and they're designed to destroy themselves if tampered with (physically opened for example). If you store a keypass on an external/USB its contents can be copied next time you connect it to your computer.
    If your PC or the machine you are trying to access your password on is compromised to such a degree, you can't really do much.
    You can also use YubiKey for further protection (http://keepass.info/help/kb/yubikey.html)
    Last edited by Keosen; 2014-02-10 at 11:41 AM.

  2. #22
    Djinni
    Originally Posted by kiingy:
    Generally when people get hacked it's not because of a problem with the service provider, it's usually a case of the user's PC being compromised.
    The point remains if the attacker discovers your LastPass password, they now have access to your entire list of passwords.

    Obviously every system is going to have a flaw, nothing is 100% safe.
    I use a different password for everything without a manager but not everyone has the memory for that.
    If the PC is compromised by a keylogger with screen capture capability for example then it doesn't matter if you use 1 password or a thousand, they are all compromised, so I don't see a password manager like KeePass or LastPass for example making any difference in this scenario.

    Security is a multi-step thing, there is no single solution that will protect you from everything, there have to be multiple layers of security protecting against multiple threats. (Read: Firewalls, Anti-Malware, Anti-Virus, Anti-SpyWare, Anti-UserWare)
    The only 100% secure solution is 100% isolation from everything, and that includes the world. Meaning that the only secure way to store anything is for it not to be stored anywhere at any time.
    Last edited by Djinni; 2014-02-10 at 12:14 PM.

  3. #23
    Cyanotical
    Originally Posted by Twoddle:
    Isn't using a password manager doing the same? Moving all the security for all your websites to one place, your physical machine. If an attacker gains access he/she has access to everything.
    Yes, you move to a single point of failure, but the general consensus is that if you even know what a password manager is, you are smart enough to keep it secure.

    KeePass in particular can link your password with a file you choose on your computer. This works like a private key: you can keep the file on an encrypted flash drive, and your database on Google Drive/Dropbox/etc.

    That way you can copy this file to authorized computers, so that even if your database gets stolen, without this key file your database can't be decrypted, or keep it on the flash drive and use it as a two-factor token.
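
A simplified model of the password-plus-key-file setup described in post #23, added here as an illustration; it is not part of the original thread and is not KeePass's own code or file format. It shows why a stolen database header cannot be unlocked with the password alone. PBKDF2, the header layout, the function names and the sample credentials are all assumptions made for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

KDF_ROUNDS = 100_000  # constructed value for the stand-in KDF


def composite_key(password: str, keyfile: Optional[bytes]) -> bytes:
    """Hash each credential to 32 bytes, then hash the concatenation."""
    parts = hashlib.sha256(password.encode("utf-8")).digest()
    if keyfile is not None:
        parts += hashlib.sha256(keyfile).digest()
    return hashlib.sha256(parts).digest()


def master_key(password: str, keyfile: Optional[bytes], salt: bytes) -> bytes:
    """Stretch the composite key (PBKDF2 is a stand-in KDF, an assumption)."""
    return hashlib.pbkdf2_hmac("sha256", composite_key(password, keyfile), salt, KDF_ROUNDS)


def create_header(password: str, keyfile: Optional[bytes]) -> dict:
    """Build the part of a database an attacker gets by stealing the file."""
    salt = os.urandom(32)
    key = master_key(password, keyfile, salt)
    return {"salt": salt, "check": hmac.new(key, b"header", hashlib.sha256).digest()}


def unlock(header: dict, password: str, keyfile: Optional[bytes]) -> bool:
    """True only if the supplied credentials reproduce the master key."""
    key = master_key(password, keyfile, header["salt"])
    expected = hmac.new(key, b"header", hashlib.sha256).digest()
    return hmac.compare_digest(expected, header["check"])


# Constructed sample credentials
PASSWORD = "correct horse battery staple"
KEYFILE = os.urandom(64)  # lives on the flash drive, not next to the database

if __name__ == "__main__":
    header = create_header(PASSWORD, KEYFILE)
    print("password + key file:", unlock(header, PASSWORD, KEYFILE))
    print("password only      :", unlock(header, PASSWORD, None))
    print("key file only      :", unlock(header, "", KEYFILE))
```
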
