Author

Topic: How safe are Password Management Programs? (Read 1142 times)

legendary
Activity: 2058
Merit: 1452
June 08, 2013, 09:38:32 AM
#9
keepass has "two channel obfuscation", which attempts to screw up keyloggers/clipboard monitors. however, with all password managers, a virus can (at the very least) hijack the subroutine that accepts the password at the target program. it's certainly safer than nothing, but it's not guaranteed security.
hero member
Activity: 770
Merit: 502
Am I the only one who finds it interesting people trying to be security-conscious but trust a closed-source software of a for-profit company to keep all their passwords? I wouldn't even touch lastpass with a stick.

The addon is open source Smiley .

https://en.wikipedia.org/wiki/LastPass_Password_Manager#Source_code
hero member
Activity: 686
Merit: 504
always the student, never the master.
well if passwords were your hands, it would be about as safe as sticking your hand into a running garbage disposal
sr. member
Activity: 430
Merit: 250
Am I the only one who finds it interesting people trying to be security-conscious but trust a closed-source software of a for-profit company to keep all their passwords? I wouldn't even touch lastpass with a stick.
hero member
Activity: 770
Merit: 502
Form grabber and keylogger is pointless when you have lastpass grid or google authentication enabled on your lastpass account.

Say like, even if your pw is snatched, and lastpass grid is enabled, there is no way for them to get into you LP account unless they print off your grid from your house or screen capture the grid the first time you use it. You can have grid to be used on "your" pc once or all the time "recommend once". You can set remember this computer etc.

By far this is one of the badass option lastpass has.

 https://helpdesk.lastpass.com/security-options/multifactor-authentication-options/grid-multifactor-authentication/

I highly recommend lastpass with a strong masterpassword.

Also, check out my stay safe link in my sig.
hero member
Activity: 546
Merit: 501
good thing about these programs is that you can create really long and complicated passwords which makes brute force really hard or even impossible to do. not to mention keyloggers have harder time to gather data if you use special options these programs provide. you can store many passwords in one place and then print them all on paper easy.
of course i would use only open source versions Smiley
hero member
Activity: 770
Merit: 500
Wondering how safe are programs like:

- LastPass (https://lastpass.com/index.php?fromwebsite=1)
- KeePass (http://keepass.info)
- 1Password (https://agilebits.com/onepassword)
...
etc.

I mean they offer Form Fillers, Generation of Strong passwords and so on. Is the risk from key loggers lower/not existent?

Is the only security risk brute forcing password-archive encryption?

They are safe than browser's inbuilt password storage,but not 100% secure, formgrabber still can steal password.

What is more widely spread formgrabbing or keylogging?
legendary
Activity: 1274
Merit: 1004
Wondering how safe are programs like:

- LastPass (https://lastpass.com/index.php?fromwebsite=1)
- KeePass (http://keepass.info)
- 1Password (https://agilebits.com/onepassword)
...
etc.

I mean they offer Form Fillers, Generation of Strong passwords and so on. Is the risk from key loggers lower/not existent?

Is the only security risk brute forcing password-archive encryption?

They are safe than browser's inbuilt password storage,but not 100% secure, formgrabber still can steal password.
hero member
Activity: 770
Merit: 500
Wondering how safe are programs like:

- LastPass (https://lastpass.com/index.php?fromwebsite=1)
- KeePass (http://keepass.info)
- 1Password (https://agilebits.com/onepassword)
...
etc.

I mean they offer Form Fillers, Generation of Strong passwords and so on. Is the risk from key loggers lower/non existent?

Is the only security risk brute forcing password-archive encryption?
Jump to: