Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > Apple Applications > Mac Applications and Mac App Store

Reply
 
Thread Tools Search this Thread Display Modes
Old Nov 26, 2013, 02:11 PM   #26
saberahul
macrumors 68040
 
Join Date: Nov 2008
Location: On my iPad
Quote:
Originally Posted by Hrothgar View Post
Do people use Cloud-based password keepers? Isn't it inevitable that they will be hacked?
It is possible. I use Dashlane with 2-step authentication (which, for the record, isn't failsafe) but am slowly moving to iCloud Keychain. Mine is set up such that every password is over 20 characters long and unique in its own way; hence, if one account was to get hacked, others wouldn't be affected. Of course, my iCloud Keychain itself can be hacked but I am not some high-end person whose private information will cause a dramatic effect; i.e., if someone hacks my account, so be it - I can easily manage with it.
__________________
iPhone iPad MacBook Pro
saberahul is offline   0 Reply With Quote
Old Nov 26, 2013, 03:15 PM   #27
ApfelKuchen
macrumors 6502
 
Join Date: Aug 2012
Location: Between the coasts
It's hard to know what's inevitable. There's certainly added exposure with the cloud, since a locally-saved password keeper isn't going to put that encrypted data out where it can be sniffed. The question is, will the encryption be cracked? On that basis, every web commerce transaction, every electronic banking transaction, every corporate VPN... It's going to be a matter of the resources available to the "bad guys," and whether the target is worthwhile.

Security inevitably involves trade-offs. If a constantly-up-to-date-on-all-devices cloud-based approach encourages us to abandon passwords we can remember in favor of long, randomly-generated codes, will we increase overall security to the point where the cloud risk is secondary?

But in the end, cloud-based or not, a single password that unlocks access to hundreds of passwords is a chink in the armor. It's a trade-off I accept, because its a darn sight more secure than Post-its.

I trust that any of the well-known password safes will be as secure as any other, on a technical level. The field is sufficiently competitive to help assure that. I find usability to be more important. The password keeper I use is more valuable than the one that's a pain to use. It's more about avoiding unnecessary password resets than about keeping the NSA and Asian hackers at bay.

I've used SplashID for quite a while now. There are things about it that I find clunky or inconvenient. But it does the job, and I'm not sure that the grass is greener among the competing products - everything's flawed, just in different ways.
ApfelKuchen is offline   0 Reply With Quote
Old Nov 26, 2013, 07:38 PM   #28
flynz4
macrumors 68030
 
Join Date: Aug 2009
Location: Portland, OR
Quote:
Originally Posted by ApfelKuchen View Post
It's hard to know what's inevitable. There's certainly added exposure with the cloud, since a locally-saved password keeper isn't going to put that encrypted data out where it can be sniffed. The question is, will the encryption be cracked? On that basis, every web commerce transaction, every electronic banking transaction, every corporate VPN... It's going to be a matter of the resources available to the "bad guys," and whether the target is worthwhile.

Security inevitably involves trade-offs. If a constantly-up-to-date-on-all-devices cloud-based approach encourages us to abandon passwords we can remember in favor of long, randomly-generated codes, will we increase overall security to the point where the cloud risk is secondary?

But in the end, cloud-based or not, a single password that unlocks access to hundreds of passwords is a chink in the armor. It's a trade-off I accept, because its a darn sight more secure than Post-its.

I trust that any of the well-known password safes will be as secure as any other, on a technical level. The field is sufficiently competitive to help assure that. I find usability to be more important. The password keeper I use is more valuable than the one that's a pain to use. It's more about avoiding unnecessary password resets than about keeping the NSA and Asian hackers at bay.

I've used SplashID for quite a while now. There are things about it that I find clunky or inconvenient. But it does the job, and I'm not sure that the grass is greener among the competing products - everything's flawed, just in different ways.
Nice post.

I personally use 1Password... which of course keeps the vault secure on your own machine (if you choose). In that case... the biggest vulnerability is the combination of someone having physical (or virtual) access to your machine... plus the ability to decrypt the vault. Both

However, having the vault on a single machine is too limiting for me to be useful, so I choose to share it via dropbox. The other alternative is to share it via iCloud. Either of those does indeed add a new vulnerability... the security of the cloud.

Still... it requires cracking both vulnerabilities. Cracking dropbox plus cracking my vault. I am willing to take that risk... because as you said, the alternative has its own different vulnerabilities. I do not know a single person who could possibly manage hundreds of unique and complex passwords... so most have some system of password re-use. That would leave vulnerable to a password breach on any of the hundreds of sites (such as the one here on MR)... and then using that common password on other site. To me, that is a MUCH greater risk than using a secure vault... even if that vault is shared via the cloud.

/Jim
flynz4 is offline   0 Reply With Quote
Old Nov 26, 2013, 08:00 PM   #29
Spink10
macrumors 68020
 
Spink10's Avatar
 
Join Date: Nov 2011
Location: Oklahoma
I personally enjoy the interface of LastPass - very helpful especially with a premium account for $1 a month. The iOS browser needs some work but I generally just use it to copy the user/pw into safari on iOS.
Spink10 is online now   0 Reply With Quote
Old Nov 26, 2013, 08:52 PM   #30
Pharmscott
macrumors 6502
 
Join Date: Dec 2011
Location: Sacramento, CA
Another vote for Lastpass. I recently started using this and the interface and functionality are great. The app even will give you an overall security score and point out any weak or repeating passwords that you have.
Pharmscott is offline   0 Reply With Quote
Old Nov 27, 2013, 12:13 AM   #31
old-wiz
macrumors 604
 
Join Date: Mar 2008
Location: West Suburban Boston Ma
No matter what password manager you use, the most vulnerable point is the password needed to access the password manager. It isn't going to help if you use 1Password or any other if your entry password is itself vulnerable.

The managers and keychain can encrypt until even NSA can't break the encryption, but if the entry password is too simple....
old-wiz is offline   0 Reply With Quote
Old Nov 27, 2013, 04:52 AM   #32
yassinee12
macrumors newbie
 
Join Date: Nov 2013
1password for me is the best. I migrated from LastPass a few months ago and couldn't be happier.
__________________
24" screenshot mac, 2.8 GHz, 4 GB RAM, 750 GB HD ; 4 GB iPod nano
yassinee12 is offline   0 Reply With Quote
Old Nov 27, 2013, 09:04 AM   #33
flynz4
macrumors 68030
 
Join Date: Aug 2009
Location: Portland, OR
Quote:
Originally Posted by old-wiz View Post
No matter what password manager you use, the most vulnerable point is the password needed to access the password manager. It isn't going to help if you use 1Password or any other if your entry password is itself vulnerable.

The managers and keychain can encrypt until even NSA can't break the encryption, but if the entry password is too simple....
Very true. I'd be willing to bet that many have very weak passwords for their vaults.

It is kind of like writing the combination on the safe.

/Jim
flynz4 is offline   0 Reply With Quote

Reply
MacRumors Forums > Apple Applications > Mac Applications and Mac App Store

Tags
password manager

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Password manager tl01 iPhone and iPod touch Apps 13 Apr 15, 2014 04:44 AM
New OS X Password Manager Application - Password Brain BollingenSoft Mac Applications and Mac App Store 5 Feb 19, 2014 06:43 AM
Password manager tl01 iPad Apps 22 Jan 6, 2014 09:05 PM
What is the best password manager? DarrenUK Mac Applications and Mac App Store 35 May 16, 2013 09:53 AM
Password Guard Makes iPhone Your Personal Password Manager ioani iPhone and iPod touch Apps 1 Aug 24, 2012 10:38 AM

Forum Jump

All times are GMT -5. The time now is 11:42 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC