Posted on 2011.06.25 at 12:46
The majority of my passwords have been randomized and encrypted into LastPass. This way I only have to remember one password while making sure that the inevitable LulzSec hack doesn't force me to scramble.
You would think that I'd be more upset at this inconvenience, but I'm not. The ability to use insecure passwords in multiple sites has been a luxury, like leaving your front door unlocked in a small town. Yes, it's a pity. Yes, it's a loss of trust. It's a trust that was unsustainable, however. People shouldn't let laziness trump security.

Why LastPass? A completely-local solution would better soothe the paranoid in me, but it seems I can't go for more than three weeks without destroying my system in some fashion. Since any half-decent password encryption solution is resistant to blatant copying, I tend to lose my payloads more often than saving them. For example, I'm embarrassed at how many orphaned GPG keys I have abandoned in limbo on MIT's public keyserver index with no safe way of revoking. A lot of this is carelessness and inexperience, however.
LastPass is _portable_. It has plugins for my browser, my phone, and so on. It even supports HP/Palm's WebOS, which itself is baksheesh-worthy. I don't have to actually deal with the root inconvenience of security, typing in 12-digit random sequences into all of my applications (multiple times, to boot). The theory behind LastPass seems sound ... the passwords are stored in encrypted form so that their own staff cannot access any data. If you forget your master password, you are screwed because there is no recovery process without the password. I'm unsure how changing passwords works ... supposedly all encryption/decryption is done on the client.

If you have been using the same password for multiple accounts, you probably should consider stopping. If you never change your password, well...
There are plenty of options. They can be free or priced. They may be online or local. They could encourage synchronization or be completely locked down without explicit user permission. I highly encourage you to investigate them. If nothing else, proper use should make your password management _EASIER_ than synchronising every password to the same thing.
