Author Topic: Disclosing LC password to a 3rd party site and worst case hypothetical  (Read 18511 times)

rawraw

  • Hero Member
  • *****
  • Posts: 2795
    • View Profile
Russia or the Chinese military.  China "accidently" redirected the entire traffic of the web through its country a few years ago.  There is a really interesting TED Talk on how the internet is designed with a lot of "trust" in the end user, but that trust shouldn't exist in the modern way its used.

http://www.ted.com/talks/danny_hillis_the_internet_could_crash_we_need_a_plan_b.html

JDowding

  • Newbie
  • *
  • Posts: 35
    • View Profile
    • Email


I use LastPass, and I am pretty happy with it.   You can control which sites to automatically fill-in (username and password), and which you want to have explicit tell it to fill in.



Here is a very interesting article about how easy to break even hashed passwords: http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/. Even randomized passwords don't protect you much.

The random passwords aren't to protect that account as much to prevent someone getting access to multiple accounts, through a brute force attack using the uncovered password to try to crack related accounts using the known emails. Most people use similar/same passwords across platforms, allowing the damage to be much worse than just one account being attacked.  All my financial passwords are 100% independent of each other to prevent this.

How do you manage to remember all of them without constantly having to open Lastpass? Or do you not?