Agreed and this is why I opted for 1Password over Lastpass.At least 1Password keeps your files local.
I'm pretty good. Using 1P all my passwords are unique, I recently migrated from using 16 to 24 character passwords. What frustrates me sometimes is when websites have over restrictive password rules which don't allow you to use a very secure one.Agreed and this is why I opted for 1Password over Lastpass.
The trouble for people is that if you do what most of us fall into, using the same password across different sites, then that master password may actually compromise other locations.
I haven't changed my master password, but I did finally add multi-factor using Google Authenticator. I'd been meaning to do it and I was already using 2-factor on my other important accounts, but just hadn't gotten around to understanding Google Authenticator and 2-factor with LastPass. Here is one article, but the LastPass and Google help pages were what I used to walk me through it. http://www.zdnet.com/article/lastpass-hack-reinforces-importance-of-using-multi-factor-authentication/I still trust lastpass. That being said, I changed my master password yesterday just in case.
Exactly! If something happened to their servers (natural disaster, terrorist action, etc.), how do the affected folks obtain their passwords? This breach is a perfect example of why one should never allow their passwords to be controlled by a others. And, whether you want to believe it or not, if you passwords are stored on someone else's server, those passwords are not under your complete control. I find it better to use a password manager that keeps passwords local.Agreed, the keys to your kingdom are in one place and you're relying on another entity to protect them. I'm not willing to risk my data, and security.
and if natural disaster or hardware failure affects the local machine? Really you can move risk around, change the category but you can't eliminate it. If you want the convenience of being able to use the same set of passwords on several devices then you have to put your passwords somewhere they can be shared, else they can't be kept up to date etc etc...and convenient security is the best kind, then it gets used. Having them strongly encrypted on a server makes better sense than plain-text locally IMHO but as they are having to warn users with weak passwords to change them clearly some have used a weak link, those individuals are likely to have weak links in whatever security mechanism they use.I find it better to use a password manager that keeps passwords local.
To be fair the poster your quoted didn't say use a plain-text local file. They recommended a password manager which stored the files locally, and they would be encrypted.Having them strongly encrypted on a server makes better sense than plain-text locally IMHO but as they are having to warn users with weak passwords to change them clearly some have used a weak link, those individuals are likely to have weak links in whatever security mechanism they use.
This is a definite issue (picture your house burning to the ground with all your technology). I use 1P and periodically make a copy of the (encrypted) 1P database on a USB stick which I keep in a safe deposit box. Your password collection does NOT belong in The Cloud.and if natural disaster or hardware failure affects the local machine?
A solid backup plan will mitigate and lower the risks. For instance, I backup my computer on a portable drive and I take that portable drive to my office. So in the event of a natural disaster that destroys my home and computer my data is safe.and if natural disaster or hardware failure affects the local machine?