light bulb

Did You Know?



Reply
Posts: 5,114
Topics: 3,272
Kudos: 6,325
Registered: ‎06-12-2013

Heartbleed: A Password Manager Reality Check

Is a password manager an effective defense against vulnerabilities like Heartbleed, or are they simply another way to lose data to hackers?

 

Should the OpenSSL Heartbleed bug serve as a wake-up call for people not using a password management application or service to manage their passwords? Consider who are at the greatest risk of having their passwords stolen by Heartbleed-targeting hackers: People who reuse their passwords across multiple sites. That's because an attacker only needs to hack into one site -- say, a social network -- to obtain a password that works across multiple sites, such as your banking website.

 

Faced with that reality, some users have opted to tap a purpose-built security tool for generating and storing strong passwords. "If you don't use a password manager, you will end up using the same password on multiple sites. That password, becomes a 'basket' in which your security for all of the sites you use it for are stored," said David Chartier at AgileBits, which develops 1Password, via email. "So if you use the same password on Amazon, eBay, Facebook, MyCatPictures, and others, then all of those sites are in the same basket. And that basket is extremely fragile. A breach of one of those sites is a breach for all."

 

Full Article

Sr. Community Leader

Community Manager Community Manager
Community Manager
Posts: 4,296
Registered: ‎12-16-2013

Re: Heartbleed: A Password Manager Reality Check

Cool article - I didn't know that Bruce Schneier had his own password manager application.

Posts: 5,114
Topics: 3,272
Kudos: 6,325
Registered: ‎06-12-2013

Re: Heartbleed: A Password Manager Reality Check

Here you are @nic Password Safe

Sr. Community Leader

Posts: 5,195
Topics: 211
Kudos: 5,002
Ideas: 9
Registered: ‎02-03-2012

Re: Heartbleed: A Password Manager Reality Check

Have tried it and must say that I am not impressed given the pedigree of the designer.  I believe that KeePass is a better manager and just as safe.

       Untitled-1.png


Webroot SecureAnywhere Complete Beta Tester v8.0.8.77...+ VoodooShield v2.0....working together as the NEW perfect combination! And backed up by Macrium Reflect v6

Community Manager Community Manager
Community Manager
Posts: 4,296
Registered: ‎12-16-2013

Re: Heartbleed: A Password Manager Reality Check


Baldrick wrote:

Have tried it and must say that I am not impressed given the pedigree of the designer.  I believe that KeePass is a better manager and just as safe.


His focus is more security research than software design, so I'm not surprised.  I've been using Webroot's password manager and enjoying it a lot.  I'd always meant to start using one but working here was the kick in the pants I needed :smileyhappy:

Posts: 5,195
Topics: 211
Kudos: 5,002
Ideas: 9
Registered: ‎02-03-2012

Re: Heartbleed: A Password Manager Reality Check

Personally I run both PM & KeePass as I have some credentials & information that I need to secure that is not web-related or I do not want to store in the Cloud (for obvious reasons)...but online it is PM all the way.

       Untitled-1.png


Webroot SecureAnywhere Complete Beta Tester v8.0.8.77...+ VoodooShield v2.0....working together as the NEW perfect combination! And backed up by Macrium Reflect v6

Community Expert Advisor
Posts: 1,736
Registered: ‎02-02-2012

Re: Heartbleed: A Password Manager Reality Check

Nice article. Thanks for posting Jasper.:smileyhappy:

I use LastPass. It's so convenient and secure. I always have a peace of mind.

__________________


π∞

"Simplicity is the ultimate form of sophistication." - Leonardo da Vinci


 


[Windows 8.1 Pro protected by Webroot SecureAnywhere]



Twitter.png

Posts: 5,195
Topics: 211
Kudos: 5,002
Ideas: 9
Registered: ‎02-03-2012

Re: Heartbleed: A Password Manager Reality Check

Hi ams963

 

I am curious so apologies in advance...you say you use LastPass...so I assume that you use WSA AV since ISP & C have the Password Manager built in, and whichis as good as LastPass (for obvious reasons...:smileywink:).  If that is the case then have you ever considered upgrading to either ISP or C?

 

Regards

 

 

Baldrick

       Untitled-1.png


Webroot SecureAnywhere Complete Beta Tester v8.0.8.77...+ VoodooShield v2.0....working together as the NEW perfect combination! And backed up by Macrium Reflect v6

Community Expert Advisor
Posts: 1,736
Registered: ‎02-02-2012

Re: Heartbleed: A Password Manager Reality Check

[ Edited ]

Hey Solly,

 

No need for apologies. We should all try to satisfy our curiosities.:smileyhappy:

 

Of course I have considered upgrading. And I can always get special discounts too. But the AV version is all I need right now. I believe securing my devices or myself online is not having more of the arsenal but effectively using only the strong and powerful necessary ones covering all corners of the weaknesses. The AV has firewall and in Win 8.1 the built-in fw is enough. I've used Ccleaner for a long time. That covers the cleaning tools. I already use the free 25 GB OneDrive along with a paid cloud storage service. Last but not least I use LastPass and the free version is all I need.

So as you can see I have no need to upgrade. Webroot offers different versions for people according to their needs. I recommend the ISP and Complete versions to my friends and families who want simple one stop light and fast solution.:smileyhappy: I even let them use my discount codes.:smileyhappy:

__________________


π∞

"Simplicity is the ultimate form of sophistication." - Leonardo da Vinci


 


[Windows 8.1 Pro protected by Webroot SecureAnywhere]



Twitter.png

Posts: 5,195
Topics: 211
Kudos: 5,002
Ideas: 9
Registered: ‎02-03-2012

Re: Heartbleed: A Password Manager Reality Check

Many thanks for taking the time to answer the question...was just curious...:smileywink:

 

Regards

 

 

Baldrick

       Untitled-1.png


Webroot SecureAnywhere Complete Beta Tester v8.0.8.77...+ VoodooShield v2.0....working together as the NEW perfect combination! And backed up by Macrium Reflect v6