[Discuss] KeePassX
Tom Metro
tmetro+blu at gmail.com
Tue Jul 23 22:43:32 EDT 2013
Richard Pieri wrote:
> Try this little thought experiment. Take all of the passwords that you
> use on a daily basis. Put them into KeePass or whatever...
> Now, for one entire day, every time you need a password you MUST use
> the the [safe] to retrieve it.
But that would be silly. Security is relative to the threat scenario and
the value of what is being protected.
I use Keepass to generate and store my password for Ubuntuforums, so it
is strong, unique, and I know where to find it, but I don't retrieve my
password from there for every login. For an inconsequential site like
that, I'm perfectly fine with having Firefox remember the password, and
retain an authentication token in a cookie. I have no concern that
someone will walk up to my unlocked computer and do something malicious
with my Ubuntuforums login, nor that a hacker will dream up a
cross-site-scripting attack to obtain it.
(It seems most hack attempts we hear about lately have been against
fairly inconsequential sites, where the hackers must be primarily after
validated email addresses, and hoping users have reused passwords on
multiple sites.)
> No cheating: no "remembering" your passwords.
Other than my password safe pass phrase, desktop login, and a few
inconsequential LAN-local services, I don't know any of my passwords.
-Tom
--
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/
More information about the Discuss
mailing list