Results 1 to 7 of 7
  1. #1
    Star Lounger
    Join Date
    Jul 2012
    Posts
    95
    Thanks
    0
    Thanked 4 Times in 4 Posts

    Can we trust password generators and online security tools

    I see a lot of advertisements for software that will automatically generate passwords. I also see similar articles that show that online security applications are being hacked. I have the suspicion that anything that is connected to the web isn't as secure as advertised. I understand the need for good password management and using common sense when going places but I have my suspicions that many of the online tools are simply not as secure as advertised. I understand the need for encrypting files on your unit, and I follow those rules, but with eBay was hacked, I began to wonder whether or not a swan dive into the Internet is a smart thing to do. Just how safe are these password generators because when somebody says "they are perfectly safe and I have had no problem", an article comes out maybe a week or month later saying that the service had been compromised.

  2. Subscribe to our Windows Secrets Newsletter - It's Free!

    Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!

    Excel 2013: The Missing Manual

    + Get this BONUS — free!

    Get the most of Excel! Learn about new features, basics of creating a new spreadsheet and using the infamous Ribbon in the first chapter of Excel 2013: The Missing Manual - Subscribe and download Chapter 1 for free!

  3. #2
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    6,058
    Thanks
    196
    Thanked 765 Times in 699 Posts
    MQG,

    <Personal Opinion>
    I use RoboForm Desktop, yes I don't trust storing my PWs in the cloud, and I'm very happy with it. That said there is nothing that is uncrackable given enough time and computer power. However, I feel reasonably safe enough doing my online banking and paying bills online since all the services I use have a zero fraud clause that state I won't be held liable for fraud. I follow very tight security practices and don't visit the nether regions of the web so again I feel pretty secure.
    </Personal Opinion>
    YMMV


    BTW: If you have NetFlix and want to get scared about your privacy watch the documentary "Some Conditions May Apply" it's an eye opener!
    May the Forces of good computing be with you!

    RG

    VBA Rules!

    My Systems: Desktop Specs
    Laptop Specs


  4. #3
    Silver Lounger
    Join Date
    Oct 2012
    Posts
    2,094
    Thanks
    12
    Thanked 240 Times in 233 Posts
    Ya, most if not all of those things online that require security are at the highest level of security they've ever been. However, as we are continually finding out, the story behind the story, is how little the ones responsible for maintaining a clear path of security are either aware of, or are unable to strongly thwart social engineering. Much easier to trick someone into giving out a password to something or find a disgruntled employee or pay someone handsomely who was leaving their job than it is to brute force it for years and years.

    If you want a no holds barred random secure password go to GRC.com and under services you should see Perfect Passwords. Many websites won't allow such a long password but for those that will...Steve says that just using as many as a site will allow, as long as its 15 or more characters is still "darn" secure (versus some lifetime of the Earth needed to crack).
    Last edited by F.U.N. downtown; 2014-06-21 at 10:03.

  5. #4
    Super Moderator jwitalka's Avatar
    Join Date
    Dec 2009
    Location
    Minnesota
    Posts
    4,619
    Thanks
    66
    Thanked 526 Times in 475 Posts
    I have long since being obsessive about secure passwords. You are much more likely to have your password comprised by having the sites you use passwords or credit cards on being hacked. In this case, no password is safe. Examples are the Adobe and Ebay breaches. It is much more important to use different UserID/passwords on sensitive sites so that one breach doesn't compromise other accounts.

    Jerry

  6. #5
    Silver Lounger
    Join Date
    Oct 2012
    Posts
    2,094
    Thanks
    12
    Thanked 240 Times in 233 Posts
    Exactly, and then you'll have to trust one "password keeper" like RG does to "remember" all those different random passwords for you...unless you have an eidetic memory.

  7. #6
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    6,058
    Thanks
    196
    Thanked 765 Times in 699 Posts
    And don't trust the password keep entirely...I keep a printed list in my safe JIC! And update it regularly.
    May the Forces of good computing be with you!

    RG

    VBA Rules!

    My Systems: Desktop Specs
    Laptop Specs


  8. #7
    Platinum Lounger
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    3,506
    Thanks
    7
    Thanked 220 Times in 208 Posts
    There should be no need to keep a printed list of passwords if you follow a few basic steps.
    1. Use a manager that is portable.
    2. Test that the manager will open your database on other computers.
    3. Backup your database to at least 2 locations so you can always access it in the event of a disaster. A copy on the cloud is perfectly safe if you ensure your master password / key is long and complex and not stored with the database, and you don't advertise the database location - no point in asking people to try and crack it.

    Password Managers.

    cheers, Paul

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •