Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 18 submissions in the queue.

How Safe is Your Password Manager?

posted by cmn32480 on Thursday February 21 2019, @09:48AM   Printer-friendly
from the *********** dept.

stretch611 writes:

A security consulting firm released a report on the safety of password managers. A non-geek, summarized version is also available at the Washington Post. (Summarized graphic of results.)

The password managers included in the study were 1Password 4, 1Password 7, Dashlane, KeePass, LastPass. Unfortunately, the testing was limited to Win10 even if the password managers were available on other platforms. They all had some flaws, but as reported, you should still use one. They were all tested for encryption method on the database, accessibility of the master password and keys in memory while unlocked, and the master password and keys in memory while locked.

All were evaluated to have adequate encryption on the file. 1Password 4 (which actually had better memory security than 1Password 7,) was best at keeping individual passwords safe in memory; while KeePass was best at keeping the Master Password safe in the memory tests (although Dashlane did the same while it while in a locked state.)

Original Submission

 
This discussion has been archived. No new comments can be posted.
How Safe is Your Password Manager? | Log In/Create an Account | Top | 26 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by Gaaark on Thursday February 21 2019, @09:35PM (2 children)

    by Gaaark (41) on Thursday February 21 2019, @09:35PM (#804721) Journal

    4 long words, not going together in a common way ( no chocolateicecreamisgood)

    Site identifier

    Stick in a number/character

    Mis-spell a word

    Make the 4 words as long as possible

    My passwords are often 25-30 characters long, each one unique.

    IMPORTANT ones I do not trust to external systems (someone else's server that can be hacked) except the site itself...ie, a bank. If the bank is hacked, I'm screwed but the bank will reimburse me if it knows what is good for it.

    I do keep a little black book, but it is not beside my computer: my computer is stolen, good luck to you trying to hack me.

    --
    --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 2) by NotSanguine on Thursday February 21 2019, @10:35PM

    by NotSanguine (285) <{NotSanguine} {at} {SoylentNews.Org}> on Thursday February 21 2019, @10:35PM (#804748) Homepage Journal

    Those are good suggestions.

    I use lines from poems/adages/songs, etc. and modify them to make them unrecognizable to dictionary attacks. I also include punctuation and capitalization.

    For example:
    In the drone where I what burned.
    or
    I've got blings to dew and polemics to cheap.

    And I keep them in the best password manager I can find. My brain. It's not open-source, but it is relatively unhackable without a million dollar cluster for decryption [xkcd.com]

    The key is that they're long, not easily guessed via a dictionary attack (even with a phrase dictionary) and easy to remember.

    What more could one want?

    --
    No, no, you're not thinking; you're just being logical. --Niels Bohr

  • (Score: 2) by pipedwho on Thursday February 21 2019, @10:42PM

    by pipedwho (2032) on Thursday February 21 2019, @10:42PM (#804753)

    Only 4 words long?

    Mine are 7 words long and 6 characters around. I vary technique to avoid it being too predictable. Tantric breathwork is important too.

    Oh wait. Were we talking about passwords?