Heartbleed: A Password Manager Reality Check


Userlevel 7
Is a password manager an effective defense against vulnerabilities like Heartbleed, or are they simply another way to lose data to hackers?
 
Should the OpenSSL Heartbleed bug serve as a wake-up call for people not using a password management application or service to manage their passwords? Consider who are at the greatest risk of having their passwords stolen by Heartbleed-targeting hackers: People who reuse their passwords across multiple sites. That's because an attacker only needs to hack into one site -- say, a social network -- to obtain a password that works across multiple sites, such as your banking website.
 
Faced with that reality, some users have opted to tap a purpose-built security tool for generating and storing strong passwords. "If you don't use a password manager, you will end up using the same password on multiple sites. That password, becomes a 'basket' in which your security for all of the sites you use it for are stored," said David Chartier at AgileBits, which develops 1Password, via email. "So if you use the same password on Amazon, eBay, Facebook, MyCatPictures, and others, then all of those sites are in the same basket. And that basket is extremely fragile. A breach of one of those sites is a breach for all."
 
Full Article

13 replies

Userlevel 7
Cool article - I didn't know that Bruce Schneier had his own password manager application.
Userlevel 7
Here you are @ Password Safe
Userlevel 7
Have tried it and must say that I am not impressed given the pedigree of the designer.  I believe that KeePass is a better manager and just as safe.
Userlevel 7
@ wrote:
Have tried it and must say that I am not impressed given the pedigree of the designer.  I believe that KeePass is a better manager and just as safe.
His focus is more security research than software design, so I'm not surprised.  I've been using Webroot's password manager and enjoying it a lot.  I'd always meant to start using one but working here was the kick in the pants I needed 🙂
Userlevel 7
Personally I run both PM & KeePass as I have some credentials & information that I need to secure that is not web-related or I do not want to store in the Cloud (for obvious reasons)...but online it is PM all the way.
Userlevel 7
Nice article. Thanks for posting Jasper.:)

I use LastPass. It's so convenient and secure. I always have peace of mind.
Userlevel 7
Hi ams963
 
I am curious so apologies in advance...you say you use LastPass...so I assume that you use WSA AV since ISP & C have the Password Manager built in, and which is as good as LastPass (for obvious reasons...;)).  If that is the case then have you ever considered upgrading to either ISP or C?
 
Regards
 
 
Baldrick
Userlevel 7
Hey Solly,
 
No need for apologies. We should all try to satisfy our curiosities.:)
 
Of course I have considered upgrading. And I can always get special discounts too. But the AV version is all I need right now. I believe securing my devices or myself online is not having more of the arsenal but effectively using only the strong and powerful necessary ones covering all corners of the weaknesses. The AV has firewall and in Win 8.1 the built-in fw is enough. I've used Ccleaner for a long time. That covers the cleaning tools. I already use the free 25 GB OneDrive along with a paid cloud storage service. Last but not least I use LastPass and the free version is all I need.

So as you can see I have no need to upgrade. Webroot offers different versions for people according to their needs. I recommend the ISP and Complete versions to my friends and families who want simple one stop light and fast solution.:) I even let them use my discount codes.:)
Userlevel 7
Many thanks for taking the time to answer the question...was just curious...;)
 
Regards
 
 
Baldrick
Userlevel 7
No prob buddy.:)
Great article..kudos :D 
 
I use Password Depot and I think a password manager is the best way to deal with so many security threats around. Password Depot is very simple, easy and secure to use. :)
 
 
Userlevel 2
Heartbleed was the last straw for me. I started using WSA's password manager 4 days before Jasper shared this story.
 
I thought it was a real PITA to get it set up. (No fault of the software, I just had a lot of accounts to manage.) Now that I've been using the tool for awhile, I can't believe I didn't adopt it sooner. It has greatly simplified access to all my cloud assets.
 
This is a product I am happy to recommend to my family.
Userlevel 7
Thank you @ for your comments. I had no problem setting it up at all and I do not hesitate to recommend this programme to friends. I love it, and it is so much easier and lighter than the competition. Plus, as I found out last night, it has great customer support.
