|Nov 30, 2012, 06:00 PM||#1|
How to make sure a password manager is as secure as it claims?
until now, I resisted making the jump to a password manager for different reasons, the main ones being that I can't be quite sure of their true security and I may need to get access to a given website on a computer where I may just couldn't install or run any software. I can't do much about the latter except using a net-synchronizable software, typically paid-for, which still brings me back to the first question.
As much as I like open-source, it seems that the most praised password managers (LastPass and 1Password) are closed-source and as such, considering their waxing popularity will probably expose them to attacks themselves, with potentially much more serious consequences than an attack against a given website.
As closed-source applications, how can a prospective user be so sure about their boasted security? I am especially concerned about the ones that do sync passwords with secure servers, as these servers may be located in countries that don't provide any legal protection for privacy. I just remembered about Skype, claiming to be encrypted... unless someone high enough requests a tap.
On the other hand, there's SpiderOak. Ok, it's not a password management software, but even with a warrant, they claim they would be completely unable to decipher what a user has stored, as they don't hold the keys...
So, how can we know is these managers are as secure as they claim?
|Thread Tools||Search this Thread|
All times are GMT -5. The time now is 09:23 PM.