Your page: You should have different passwords for all websites. This prevents snapping on a blow if one of them experiencing a data breach, since the username and password will not work elsewhere.
Password service experienced burglary
It is however easier said than done – Very few manage to remember dozens (yes, maybe hundreds) of unique passwords; at least if they are going to be long and sophisticated enough that others can not guess them.
Therefore, there are several online services that take care of your passwords for you, against you lock them up with one master password. One of the most popular, LastPass, experienced a few weeks ago a data breach.
Certainly, the company claims that no password has been leaked (they are no matter encrypted with LastPass and can not be read without being locked up with master password), but the details that users’ email addresses and passwords hint may have been compromised.
READ ALSO: 13 password sins you should avoid
LastPass acted quickly and has now introduced a requirement that you have to verify your email address her when logging on from a new machine – just in case anyone can use the information they have obtained in order to guess the user’s master password.
Most LastPass Users have enough anyway so focus on network security that they have a master password that is difficult to guess, and it is therefore natural to assume that it is still safe to use LastPass, especially if you also have enabled two-factor authentication, which enables you need one extra-time code if you log in from a new device.
GUIDE: How to use LastPass
Anyway reports question arises – can one really trust some with a view to handing them all the passwords you use online?
Master Password does not require you trust someone
The handsome with Master Password is that you do not need to rely on a third party. The solution works offline and on multiple devices, without any information about you and your password will be sent to the service at any time. You do not need to sync content across devices, and there are apps for most platforms, as well as a web version.
The concept is as follows: Your name and master password fed into a hash function, together with the website you will login (eg. dinside.no). Out comes a password that you can use to register or log in.
Every time you load these three things in the same function, the same will come out of it, but as with all hash functions are it is impossible to reverse it to find out what was fed into it.
In addition, given you the ability to set password type (some sites may have more stringent requirements than other, or the other way – that they do not allow more advanced passwords than a PIN) and a counter, for example, if you must change your password at work on a regular basis or have had account somewhere where they have experienced a data breach, so that all users have been forced to change their password. Or if you have shared a password with someone who no longer are you just as close.
Not without drawbacks
No solution is perfect, and Master Password also has a few disadvantages that are worth mentioning:
• All passwords are generated by the service – if for example you have received a password to an account you share with others, you have to remember these passwords next.
• You have to change all passwords to use Master Password, precisely because all passwords are generated by the service and is not something you get to choose for yourself.
• To change the master password (for such as whether you have forgotten it or written it up on a patch that has been lost) will require you to change your password on all websites.
• The solution may not automatically fill in passwords fields for you. Thus it nor any safeguard against phishing
• The solution supports two-factor authentication is not, which means that a master password astray can be used from any new machine.
Sounds anyway tempting, you will find more information about the Master Password on masterpasswordapp.com. Where they also have a detailed page about security if you want to service the seams. The open source code is also available on Github.
Many options
There are many alternatives to LastPass and Master Password for managing your passwords.
Among the most popular is 1Password, KeePass and Dash Lane.
case was originally published at DinSide Read here.
No comments:
Post a Comment