Linked by Howard Fosdick on Sat 10th Nov 2012 07:28 UTC
Bugs & Viruses If you want to ensure you have adequate passwords but don't have the time or interest to study the topic, there's a useful basic article on how to devise strong passwords over at the NY Times. It summarizes key points in 9 simple rules of thumb. Also see the follow-up article for useful reader feedback. Stay safe!
Thread beginning with comment 541945
RE[2]: Keepass2
by Soulbender on Sun 11th Nov 2012 09:20 UTC in reply to "RE: Keepass2"
Soulbender Member since: 2005-08-18

Just not gonna happen. I just don't have that kind of trust.


That's the thing about encryption, you don't need trust.
The chances that your cloud provider will take so much interest in you that they will use all their computing power to break into your (hopefully Twofish or AES) encrypted password database is minuscule.
Even if they do you'll probably have changed all the passwords by the time they actually manage to brute-force it.

Score: 2

RE[3]: Keepass2
by UltraZelda64 on Sun 11th Nov 2012 10:06 in reply to "RE[2]: Keepass2"
UltraZelda64 Member since: 2006-12-05

The chances that your cloud provider will take so much interest in you that they will use all their computing power to break into your (hopefully Twofish or AES) encrypted password database is minuscule.
Even if they do you'll probably have changed all the passwords by the time they actually manage to brute-force it.

Who's to say it's the cloud provider that will try to do the snooping? I actually didn't mean that with what I originally said. These companies run public servers, and they're not exactly unknown servers... they're well-known, and up for potential attack from anyone, anywhere on the Internet. They're big, easy targets. It's security breaches I would be worried about when putting a file containing *all* of my passwords on a server somewhere on the Internet.

Someone just has to breach the server's security and then take what they can. They can then post all the files they can manage to get on a server somewhere where they and their cracker buddies download away and have a field day playing games seeing who can crack the most password files the fastest. And if there's ever a vulnerability found that allows crackers to easily break the encryption code and read the contents of the file... well, now every single one of your passwords can be found by just accessing one file that's been made publicly available on the Internet to anyone.

Edited 2012-11-11 10:17 UTC

Score: 2
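Both comments above turn on how long an offline brute-force of a leaked password database would take. The following is an added example, not part of the thread and not KeePass code: it estimates that time from the master password's entropy and the cost of one key derivation. PBKDF2-HMAC-SHA256, the iteration count, the sample passwords and the attacker speed-up factor are all assumptions chosen for illustration.

```python
import hashlib
import math
import os
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def derive_key(master: str, salt: bytes, iterations: int) -> bytes:
    """Stretch a master password into a 256-bit key.
    PBKDF2-HMAC-SHA256 is a stand-in here, not KeePass's own KDF."""
    return hashlib.pbkdf2_hmac("sha256", master.encode(), salt, iterations, dklen=32)

def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a secret made of `length` uniformly random symbols."""
    return length * math.log2(alphabet_size)

def expected_years(bits: float, guesses_per_second: float) -> float:
    """Average time to find the secret: half the keyspace at the given rate."""
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR

def measure_guess_rate(iterations: int, trials: int = 3) -> float:
    """Guesses per second this machine manages, one KDF run per guess."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(trials):
        derive_key(f"guess-{i}", salt, iterations)
    return trials / (time.perf_counter() - start)

# Constructed sample master passwords: (label, alphabet size, length)
SAMPLES = [
    ("8 random lowercase letters", 26, 8),
    ("12 random printable ASCII", 95, 12),
    ("6 Diceware words", 7776, 6),
]

def report(iterations: int = 100_000, attacker_speedup: float = 1e6):
    """Rows of (label, bits, years) for an attacker `attacker_speedup` times
    faster than this machine (an assumed figure, not a measurement)."""
    rate = measure_guess_rate(iterations) * attacker_speedup
    return [(label, entropy_bits(a, n), expected_years(entropy_bits(a, n), rate))
            for label, a, n in SAMPLES]

if __name__ == "__main__":
    for label, bits, years in report():
        print(f"{label:28s} {bits:5.1f} bits  ~{years:.3g} years")
```

The estimate covers guessing the master password only; it says nothing about a flaw in the cipher or file format, which is the other risk raised in the thread.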