Flaws in password managers could have exposed credentials

By Scorpus
Jul 15, 2014
Post New Reply
  1. If you thought that using a software-based password manager was a safe way to remember complex, secure passwords without them being stolen, you might want to think again.

    Read more
    misor likes this.
  2. misor

    misor TS Evangelist Posts: 1,157   +195

    I think my password "n0passw0rd1234567890" is still safe since I don't use any password manager. :)

    seriously, I keep on changing my passwords that I tend to forgot them. for my Microsoft accounts this year alone, I think I already changed passwords like 7x each account.
  3. davislane1

    davislane1 TS Evangelist Posts: 3,370   +2,164

    This is why, if you need to use a manager, it should be local. Although the chances of being compromised by an attack are low, they are even smaller if the target is exceedingly small (your machine rather than corporate servers).
  4. Mieksr

    Mieksr TS Enthusiast Posts: 38   +7

    I wonder what the word is on KeePass
  5. Darth Shiv

    Darth Shiv TS Evangelist Posts: 1,601   +369

    It isn't an online based dictionary so that's a start. Still... if a hacker gets a hold of the file, they can attempt to decrypt offline.
  6. Mieksr

    Mieksr TS Enthusiast Posts: 38   +7

    I usually save KeePass file on a TrueCrypt volume. But from what I've read TrueCrypt isn't save anymore.
  7. Capaill

    Capaill TS Addict Posts: 279   +86

    I keep my passwords in a local text file encrypted with AxCrypt. Makes it a bit of a pain when I'm away from the computer and forget a password. But feels safer than trusting an online site with my passwords.
  8. When I had to choose a Password Manager for myself I choose KeePass precisely because it's offline
    how many times do we have to say it? NEVER TRUST THE CLOUD
  9. Nima304

    Nima304 TS Guru Posts: 365   +81

    That's another conversation entirely, and I disagree that TrueCrypt isn't secure, even though the developers now claim it is.

    Anyway, if I had so many passwords that I needed to store them, a text file in an encrypted TrueCrypt volume (768-bit cascading encryption, SHA-512 hash) is what I'd use. I advise everyone against using an online service to store your password, as it adds hassle and sometimes costs money, but more importantly, employs so many attackable mechanisms that you're sometimes more secure simply using a less complex password that you can remember.
  10. Jad Chaar

    Jad Chaar TS Evangelist Posts: 6,477   +965

    I use 1Password and it is phenomenal. The apps are really expensive but the software and the support is great. 1Password is a local password manager (based on your PC rather than on the web) so I don't think all the flaws apply for it. That said though, there is always a risk in storing passwords on a machine.
  11. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 8,430   +2,822

    Flaws or back-doors?

    My trust in software programers is at an all time low.
  12. KeePass is a pain in the *** to use, but with last pass you can be 100% sure all your passwords go straight to the NSA database.
  13. Darth Shiv

    Darth Shiv TS Evangelist Posts: 1,601   +369

    Sounded like the developers were threatened...
  14. misor

    misor TS Evangelist Posts: 1,157   +195

    "passwords and encryption are irrelevant. I am a machine.", says a Microsoft botnet who reads an employee email.
  15. All of your comments are excellent. But who cares what you do if the servers you visit just gives them out. hahahaha. So many stupid people. Let me guess your password reset is your puppies name hahaha. Or your favorite movie. Here is a kicker for you. For added security my favorite movie is my favorite puppy but the guy on the phone told me that I can not do that. Can you believe this he tells me I can not do it but yet he lets me reset my moms password. hahaahha. Such an I D I O T.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...