Results 1 to 7 of 7
  1. #1
    2 Star Lounger
    Join Date
    Jul 2012
    Posts
    102
    Thanks
    0
    Thanked 4 Times in 4 Posts

    Can we trust password generators and online security tools

    I see a lot of advertisements for software that will automatically generate passwords. I also see similar articles that show that online security applications are being hacked. I have the suspicion that anything that is connected to the web isn't as secure as advertised. I understand the need for good password management and using common sense when going places but I have my suspicions that many of the online tools are simply not as secure as advertised. I understand the need for encrypting files on your unit, and I follow those rules, but with eBay was hacked, I began to wonder whether or not a swan dive into the Internet is a smart thing to do. Just how safe are these password generators because when somebody says "they are perfectly safe and I have had no problem", an article comes out maybe a week or month later saying that the service had been compromised.

  2. #2
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    6,507
    Thanks
    213
    Thanked 854 Times in 786 Posts
    MQG,

    <Personal Opinion>
    I use RoboForm Desktop, yes I don't trust storing my PWs in the cloud, and I'm very happy with it. That said there is nothing that is uncrackable given enough time and computer power. However, I feel reasonably safe enough doing my online banking and paying bills online since all the services I use have a zero fraud clause that state I won't be held liable for fraud. I follow very tight security practices and don't visit the nether regions of the web so again I feel pretty secure.
    </Personal Opinion>
    YMMV


    BTW: If you have NetFlix and want to get scared about your privacy watch the documentary "Some Conditions May Apply" it's an eye opener!
    May the Forces of good computing be with you!

    RG

    VBA Rules!

    My Systems: Desktop Specs
    Laptop Specs


  3. #3
    Silver Lounger
    Join Date
    Oct 2012
    Posts
    2,149
    Thanks
    12
    Thanked 249 Times in 242 Posts
    Ya, most if not all of those things online that require security are at the highest level of security they've ever been. However, as we are continually finding out, the story behind the story, is how little the ones responsible for maintaining a clear path of security are either aware of, or are unable to strongly thwart social engineering. Much easier to trick someone into giving out a password to something or find a disgruntled employee or pay someone handsomely who was leaving their job than it is to brute force it for years and years.

    If you want a no holds barred random secure password go to GRC.com and under services you should see Perfect Passwords. Many websites won't allow such a long password but for those that will...Steve says that just using as many as a site will allow, as long as its 15 or more characters is still "darn" secure (versus some lifetime of the Earth needed to crack).
    Last edited by F.U.N. downtown; 2014-06-21 at 11:03.

  4. #4
    Super Moderator jwitalka's Avatar
    Join Date
    Dec 2009
    Location
    Minnesota
    Posts
    5,012
    Thanks
    71
    Thanked 577 Times in 522 Posts
    I have long since being obsessive about secure passwords. You are much more likely to have your password comprised by having the sites you use passwords or credit cards on being hacked. In this case, no password is safe. Examples are the Adobe and Ebay breaches. It is much more important to use different UserID/passwords on sensitive sites so that one breach doesn't compromise other accounts.

    Jerry

  5. #5
    Silver Lounger
    Join Date
    Oct 2012
    Posts
    2,149
    Thanks
    12
    Thanked 249 Times in 242 Posts
    Exactly, and then you'll have to trust one "password keeper" like RG does to "remember" all those different random passwords for you...unless you have an eidetic memory.

  6. #6
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    6,507
    Thanks
    213
    Thanked 854 Times in 786 Posts
    And don't trust the password keep entirely...I keep a printed list in my safe JIC! And update it regularly.
    May the Forces of good computing be with you!

    RG

    VBA Rules!

    My Systems: Desktop Specs
    Laptop Specs


  7. #7
    Platinum Lounger
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    3,847
    Thanks
    7
    Thanked 253 Times in 238 Posts
    There should be no need to keep a printed list of passwords if you follow a few basic steps.
    1. Use a manager that is portable.
    2. Test that the manager will open your database on other computers.
    3. Backup your database to at least 2 locations so you can always access it in the event of a disaster. A copy on the cloud is perfectly safe if you ensure your master password / key is long and complex and not stored with the database, and you don't advertise the database location - no point in asking people to try and crack it.

    Password Managers.

    cheers, Paul

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •