I do not trust anything where my passwords are on someone else's server. Hey stranger on the street. How about I give you a copy of my social security card, just in case I lose it!
So you trust Google with just about everything about your identity, but you can't trust LastPass with your Amazon password?
I do not trust anything where my passwords are on someone else's server. Hey stranger on the street. How about I give you a copy of my social security card, just in case I lose it!
So you trust Google with just about everything about your identity, but you can't trust LastPass with your Amazon password?
Google doesn't have any of my passwords except a hash of the one I use for Google. Our domain is also our own: we can point it away from gmail in an hour if something bad went down. Passwords can hurt me, but details of my email account are mostly benign.
Google's also bigger, and the effects of them doing bad would be harder to hide.
Finally, anything I actually care about is encrypted.
I do not trust anything where my passwords are on someone else's server. Hey stranger on the street. How about I give you a copy of my social security card, just in case I lose it!
So you trust Google with just about everything about your identity, but you can't trust LastPass with your Amazon password?
Google is a gigantic reliable company with lots of smart engineers and excellent security. Any data they have I have backed up. I have legal recourse if they try to fuck me royally. I can switch away from Google at any time to use other services. They don't actually have my passwords, they only have my data, which I don't really care about keeping private. Is there something you would like to know?
LastPass, if I used them, would have not my data, but my actual passwords. They are a relatively small company. They could disappear tomorrow, though it is unlikely. It is extremely likely that there are vulnerabilities in their system. In fact, there have been many such vulnerabilities, and there will be more.
To make an analogy. Google is a bank, and I have a safe deposit box with them. I put valuable things in the box, but I have the keys. Google keeps the stuff safe the way a bank does, and is very reliable.
LastPass is in a store next to the bank. They offer to keep hold of your safe deposit box key in case you lose it.
Rule number one. Never give your password to ANYBODY EVER. Not your spouse, parents, sibling, BFF, and especially not some company.
Actually LastPass is more like a safe deposit box for your other keys.
Also, just to be clear, I don't put any real passwords in LastPass. It's things like my facebook password and a couple e-commerce sites like Amazon. My banking passwords are stored nowhere but my head.
While in theory, LastPass does all its encryption client-side in a way that they can't crack (from what I understand about it), in practice I still don't particularly trust them (or any other cloud provider) with my passwords.
Personally, I use KeePassX as my password manager. Yeah, it's offline, but it stores everything in an AES256 encrypted database, is open source, and cross-platform. I'm sure there are other tools like this out there, but this just happens to be my favorite.
Actually LastPass is more like a safe deposit box for your other keys.
Also, just to be clear, I don't put any real passwords in LastPass. It's things like my facebook password and a couple e-commerce sites like Amazon. My banking passwords are stored nowhere but my head.
At some tiny ass local bank in a vault that keeps getting broken into.
But even there, it's a list to remind me what password I use for what. I only look at that file every few months when I shuffle passwords around: everything's perfectly memorized.
While in theory, LastPass does all its encryption client-side in a way that they can't crack (from what I understand about it), in practice I still don't particularly trust them (or any other cloud provider) with my passwords.
Personally, I use KeePassX as my password manager. Yeah, it's offline, but it stores everything in an AES256 encrypted database, is open source, and cross-platform. I'm sure there are other tools like this out there, but this just happens to be my favorite.
While that is much better, I don't like any system where passwords are digitally stored. If they are digitally stored, they can be digitally read.
Even if you ignore security issues, there are other problems with these various systems. Let's say you want to type your amazon password on your iPhone and you use KeePassX. What do you do? Password Card is the one solution that has none of these flaws.
Personally, I use KeePassX as my password manager. Yeah, it's offline, but it stores everything in an AES256 encrypted database, is open source, and cross-platform. I'm sure there are other tools like this out there, but this just happens to be my favorite.
An excellent choice. I really wanted something that I could use seemlessly between my several computers, a tablet and my phone. LastPass seems to do that the best.
My passwords are based on a formula that depends on the website and how important the site is (security-wise). The longest password (for my bank) is over 40 characters long. All of my passwords are memorized, though they don't have to be because they are formulaic.
While in theory, LastPass does all its encryption client-side in a way that they can't crack (from what I understand about it), in practice I still don't particularly trust them (or any other cloud provider) with my passwords.
Personally, I use KeePassX as my password manager. Yeah, it's offline, but it stores everything in an AES256 encrypted database, is open source, and cross-platform. I'm sure there are other tools like this out there, but this just happens to be my favorite.
While that is much better, I don't like any system where passwords are digitally stored. If they are digitally stored, they can be digitally read.
That is true, however, I figure that if it's good enough for the DoD, it's probably good enough for my purposes. Especially given how the vast majority of my passwords that matter (as opposed to Facebook, forum, etc. passwords) are indistinguishable from line noise.
Even if you ignore security issues, there are other problems with these various systems. Let's say you want to type your amazon password on your iPhone and you use KeePassX. What do you do? Password Card is the one solution that has none of these flaws.
There are versions of KeePassX for the iPhone, so that's not a problem. I am going to check out this Password Card thing though as I've never heard of it before.
I have most of them memorized though I did write a few of them down, but I didn't write down what service they are for, only a couple of letters. I don't even remember what they stand for until need that password. Generally I have different passwords for everything though I have some similar ones to make it easier to remember (and not but adding 123 or something to the end). I do need to change some passwords that I made a while back that aren't so complex, but I just keep forgetting to change them.
Actually LastPass is more like a safe deposit box for your other keys.
Also, just to be clear, I don't put any real passwords in LastPass. It's things like my facebook password and a couple e-commerce sites like Amazon. My banking passwords are stored nowhere but my head.
Yeah, I've got a small handful of credentials that are the big stuff, stuff that wouldn't be recoverable, and those passwords are kept nowhere but in my head and a sealed portion of my will. Everything else is either recoverable or not a concern. Oh no, what are you going to do, call people stupid and get in silly arguments with my reddit account? Fuck, I'd be surprised if anyone noticed the difference.
At some tiny ass local bank in a vault that keeps getting broken into.
If by broken into, you mean someone MIGHT have ran in, stole a Ledger with some not-terribly-useful information, and then ran out, because a teller noticed the door was swinging but they didn't see anyone leave, once, then yes.
What actually happened - the noticed a network anomaly that they couldn't pin down, so they IMMEDIATELY declared a security breach, since the anomaly was large enough that it COULD have contained some users emails, salted passwords, and maybe the server salt. They don't actually know, and can find no evidence of any security breach(and haven't since), so they assumed worst case scenario just in case.
Just for a bit of perspective.
lol people who can't remember their own passwords
I've got a large number of passwords stored in lastpass, all unique, all attached to different accounts, all over 12 characters long, all random. I mean, I know remembering all that random gibberish is easy for someone who has been through the American school system - experience, and all that - but that's not an advantage I have.
I know remembering all that random gibberish is easy for someone who has been through the American school system - experience, and all that - but that's not an advantage I have.
I know remembering all that random gibberish is easy for someone who has been through the American school system - experience, and all that - but that's not an advantage I have.
Hey-oh!
You know I love yas, but I've been saving that bit for hours now.
To be fair, the UK system is bullshit like that, too. My DNA Replication, Repair, and Recomb final had multiple choice questions like "What enzyme is responsible for the displacement of the error-containing oligonucleotide in NER?" And the list of answers?
A) UvrA UvrB C) UvrC D) UvrD E) UvrAB F) UvrABC G) DNA Ligase I H) DNA Ligase IV I) DNA Pol I J) DNA Pol III L) TFIIH M) XPA
Now imagine an exam that with 50% weight based on 50 questions all like that.
God, and I thought the multiple choice on AP Exams was a pain, where there are always at least five answers and "all of the above" and "none of the above" are usually present.
God, and I thought the multiple choice on AP Exams was a pain, where there are always at least five answers and "all of the above" and "none of the above" are usually present.
Yeah, now imagine that all the answers are all very different, but their names offer no hints as to what they are. Literally, the entirety of answering questions like the above is bullshit rote memorization of things you will invariably just look up in a book later. I mean, I know what most of the above answers are, and what they do, but their names are meaningless. XPA - XPG, for example, take their names from Xeroderma Pigmentosum (mutations in these proteins cause it), and then A-G are tacked on as differentiators. That's useless as a name. It tells you nothing about the process they're involved it. It'd be as if me parents named me "Tax Writeoff A," and my brothers B, and C. Tells you something about something we remotely affect, but nothing about me, nor does it helpfully differentiate between us.
If I ever discover an enzyme, I'm giving it a descriptive name just for the undergrads that come after me. The guys that named NTE (Neuropathy Target Enzyme/Esterase), or Histone Deacetylase, those guys knew how to help the field.
Could someone explain to me the effects of the Smith-Mundtz act in specific and practical terms? I can usually read legal documents, but back in '48 laws were actually hard for the common man to read. EDIT: fixed link
You know how you can become an ordained minster from the Universal Life Church online in like 5 minutes? Is there anything like that for Phd's and whatnot? I noticed they have them on their site but I'm not paying for a fake degree since I have absolutely no need for one. I just want something technically legitimate so I can call myself a doctor.
Comments
Google's also bigger, and the effects of them doing bad would be harder to hide.
Finally, anything I actually care about is encrypted.
LastPass, if I used them, would have not my data, but my actual passwords. They are a relatively small company. They could disappear tomorrow, though it is unlikely. It is extremely likely that there are vulnerabilities in their system. In fact, there have been many such vulnerabilities, and there will be more.
To make an analogy. Google is a bank, and I have a safe deposit box with them. I put valuable things in the box, but I have the keys. Google keeps the stuff safe the way a bank does, and is very reliable.
LastPass is in a store next to the bank. They offer to keep hold of your safe deposit box key in case you lose it.
Rule number one. Never give your password to ANYBODY EVER. Not your spouse, parents, sibling, BFF, and especially not some company.
CIA Black Ops gonna buy a bunch of Precious Moments figurines on eBay and charge them to your PayPal account.
Also, just to be clear, I don't put any real passwords in LastPass. It's things like my facebook password and a couple e-commerce sites like Amazon. My banking passwords are stored nowhere but my head.
Personally, I use KeePassX as my password manager. Yeah, it's offline, but it stores everything in an AES256 encrypted database, is open source, and cross-platform. I'm sure there are other tools like this out there, but this just happens to be my favorite.
But even there, it's a list to remind me what password I use for what. I only look at that file every few months when I shuffle passwords around: everything's perfectly memorized.
Even if you ignore security issues, there are other problems with these various systems. Let's say you want to type your amazon password on your iPhone and you use KeePassX. What do you do? Password Card is the one solution that has none of these flaws.
What actually happened - the noticed a network anomaly that they couldn't pin down, so they IMMEDIATELY declared a security breach, since the anomaly was large enough that it COULD have contained some users emails, salted passwords, and maybe the server salt. They don't actually know, and can find no evidence of any security breach(and haven't since), so they assumed worst case scenario just in case.
Just for a bit of perspective. I've got a large number of passwords stored in lastpass, all unique, all attached to different accounts, all over 12 characters long, all random. I mean, I know remembering all that random gibberish is easy for someone who has been through the American school system - experience, and all that - but that's not an advantage I have.
A) UvrA
C) UvrC
D) UvrD
E) UvrAB
F) UvrABC
G) DNA Ligase I
H) DNA Ligase IV
I) DNA Pol I
J) DNA Pol III
L) TFIIH
M) XPA
Now imagine an exam that with 50% weight based on 50 questions all like that.
If I ever discover an enzyme, I'm giving it a descriptive name just for the undergrads that come after me. The guys that named NTE (Neuropathy Target Enzyme/Esterase), or Histone Deacetylase, those guys knew how to help the field.
1 million points if you can guess why I happened to remember this piece today.
1 billion points if you can guess what I initially remembered it from.
[spoiler]Trigger:
Initial memory:
EDIT: fixed link