From: Rich Freeman <rich0@gentoo.org>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: Coming up with a password that is very strong.
Date: Mon, 4 Feb 2019 15:59:02 -0500 [thread overview]
Message-ID: <CAGfcS_kOvonYebbjbhYXjtRdap5E5CrS0JBxJ6-6O5Ns9t1B3g@mail.gmail.com> (raw)
In-Reply-To: <42eecf5d-0fbc-0396-55c6-6528c81a4920@gmail.com>
On Mon, Feb 4, 2019 at 3:49 PM Dale <rdalek1967@gmail.com> wrote:
>
> One reason I use LastPass, it is mobile. I can go to someone else's
> computer, use LastPass to say make use of Paypal, Newegg, Ebay etc,
> logoff and it is like I was never there.
As much as I like Lastpass I would never do that. It isn't magic - it
is javascript. If there is a compromise on your computer, then your
password database will be compromised. This is true of other
solutions like KeePassX and so on - if something roots your box then
it will be compromised.
If you were talking about something like a Chromebook that is still
locked down and you're using guest mode or logging in under a separate
user account from anybody else, then you're probably fairly safe
against that. However, if you're just looking into a generic windows
box or a shared linux account then there isn't going to be much
protection if something has compromised the system.
At that point you're vulnerable to all kinds of attacks, from theft of
the password manager database, to just skimming the accounts you're
using.
This won't stop sniffing of individual passwords, but you could at
least protect your overall database by looking up the password on a
secure device (your phone or whatever) and rekeying it on the
untrusted device. Then while that password is still vulnerable your
password database never touches that box.
--
Rich
next prev parent reply other threads:[~2019-02-04 20:59 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-04 5:47 [gentoo-user] Coming up with a password that is very strong Dale
2019-02-04 10:24 ` Peter Humphrey
2019-02-04 10:37 ` Neil Bothwick
2019-02-04 11:17 ` Mick
2019-02-04 11:48 ` [gentoo-user] " Nikos Chantziaras
2019-02-04 13:21 ` [gentoo-user] " Neil Bothwick
2019-02-04 13:43 ` Rich Freeman
2019-02-05 6:48 ` Dale
2019-02-05 9:55 ` Mick
2019-02-05 10:04 ` Michael Schwartzkopff
2019-02-05 10:18 ` Dale
2019-02-05 10:13 ` Dale
2019-02-05 11:21 ` Mick
2019-02-05 12:46 ` Dale
2019-02-04 11:10 ` [gentoo-user] " Nikos Chantziaras
2019-02-04 19:38 ` Jack
2019-02-04 20:51 ` Neil Bothwick
2019-02-05 20:28 ` Mark David Dumlao
2019-02-05 21:17 ` Neil Bothwick
2019-02-06 2:41 ` Mark David Dumlao
2019-02-08 14:26 ` Kai Peter
2019-02-08 20:59 ` Neil Bothwick
2019-02-09 0:19 ` Dale
2019-02-09 10:06 ` Neil Bothwick
2019-02-09 10:42 ` Dale
2019-02-09 16:02 ` Alec Ten Harmsel
2019-02-13 16:31 ` Rich Freeman
2019-02-13 17:12 ` Mark David Dumlao
2019-02-13 19:17 ` Rich Freeman
2019-02-13 21:34 ` Mark David Dumlao
2019-02-13 21:50 ` Rich Freeman
2019-02-04 20:49 ` Dale
2019-02-04 20:59 ` Rich Freeman [this message]
2019-02-04 21:06 ` Neil Bothwick
2019-02-04 22:12 ` Dale
2019-02-04 23:18 ` Rich Freeman
2019-02-05 7:34 ` Dale
2019-02-05 14:13 ` Rich Freeman
2019-02-05 16:00 ` Dale
2019-02-04 23:26 ` Mick
2019-02-05 7:55 ` Dale
2019-02-05 11:34 ` Mick
2019-02-05 13:05 ` Dale
2019-02-05 8:41 ` Neil Bothwick
2019-02-05 9:28 ` Mick
2019-02-05 12:27 ` Nikos Chantziaras
2019-02-04 16:42 ` [gentoo-user] " Laurence Perkins
2019-02-04 18:39 ` Lee Clagett
2019-02-04 20:09 ` [gentoo-user] " Dale
2019-02-04 20:19 ` Rich Freeman
2019-02-04 21:39 ` Dale
2019-02-04 22:34 ` [gentoo-user] " Tanstaafl
2019-02-05 1:10 ` Dale
2019-02-05 19:49 ` Tanstaafl
2019-02-05 23:50 ` Dale
2019-02-06 18:13 ` Tanstaafl
2019-02-05 4:42 ` Roger J. H. Welsh
2019-02-10 16:12 ` Andrew Savchenko
2019-02-10 16:27 ` Dale
2019-02-10 16:59 ` Andrew Savchenko
2019-02-10 18:13 ` Mark David Dumlao
2019-02-10 22:44 ` Dale
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAGfcS_kOvonYebbjbhYXjtRdap5E5CrS0JBxJ6-6O5Ns9t1B3g@mail.gmail.com \
--to=rich0@gentoo.org \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox