Beware of these "Easy Password" apps

jimbo45 · 14 Jun 2015

Hi there

I'm always amazed how people just PUT THEMSELVES in possible difficulties when using the Net. I know that passwords are a nuisance but those apps that store a "Virtual Safe" on the cloud where you store your passwords so any app requiring a password login just takes it from the "Virtual Safe" seems to me a potential recipe for DISASTER. - Severs do go down and do get hacked.

I'm of the old school-- a black notebook hidden away in a reasonably inaccessible place seems the best (and "Lowest tech") solution of all.

Simple and virtually HACKPROOF. Nothing is of course 100% safe but sometimes a bit of Old School Tech can still work wonders.

Cheers
jimbo

Mystere · 14 Jun 2015

While, indeed, you do have to be careful. Most decent apps are "unhackable", because they use client-side encryption. Even if someone hacks the server, all they get is the encrypted info which is useless without the keys stored on your local computer.

Dashlane is one such app that does this.

However, it also means you can't access these passwords when not using an already authenticated device.

rvbfan · 14 Jun 2015

jimbo45 said:

Simple and virtually HACKPROOF. Nothing is of course 100% safe but sometimes a bit of Old School Tech can still work wonders.

Cheers
jimbo

I'm with you on this. Little note book tucked away in another room.

Layback Bear · 14 Jun 2015

Their is not such thing as "unhackable"!!

I do agree with Jimbo and also use his method except I use a Rolodex.
To get my passwords off my Rolodex they would have to kill me and then I wouldn't need the password anyway.

Mystere · 14 Jun 2015

Layback Bear said:

Their is not such thing as "unhackable"!!

That's why I put it in quotes. Yes, if someone wanted to invest millions in hacking hardware to decrypt your file, sure. But, other than that, there's no way they're going to get to your data, even if they compromise the servers. Even if they have your master password, it won't help, since they need the physical keys stored on your computer as well.

Could they infect your machine with a virus, steal the keys, and your password, and then find it? Sure... but they would have to be targeting you directly, because that would require very specific knowledge of you, your systems, be able to read computer memory for decrypted keys.. and at that point, they could just install a keylogger to get your passwords.

So in other words, it's far more trouble to break the encryption of the servers when it's so much easier to just break into your home and torture you with a wrench until you give up access.

rvbfan · 14 Jun 2015

You don't need millions of $ invested in hardware. You need the right software, maybe find a back door, determination and time.
People are doing it all the time, you infect multiple machines with a program to turn them into shared computing bots and steal cycles from them.

Slartybart · 14 Jun 2015

Mystere said:

So in other words, it's far more trouble to break the encryption of the servers when it's so much easier to just break into your home and torture you with a wrench until you give up access.

Wouldn't they just take the money. jewelry, Flat screen TV, Computer, and other valuables and high tail it out of there?

Layback Bear · 14 Jun 2015

If they are going to use a wrench on me I hope it's a Mac or Snapon.
I do have standards to keep.

How hard it is to steal passwords on a computer or in a Cloud I really don't know. I'm not a hacker or a thief.

What I do know is one could read all day every day about passwords and personal information being stolen from what
were considered well protected sites. Hell someone even hacked Obama's Blackberry. One would think that should of had the best security tax dollars could buy.

rvbfan · 14 Jun 2015

2 pieces of advice I give about the internet are. Don't just click! Read it and be sure. Second is lay low. If they can't find you they can't hack you.
Use a combination of a hardware firewall as well as a software firewall.
My computer is setup not to respond to unsolicited pings.

BunnyJ · 14 Jun 2015

Simple.. change your passwords .. change change...