Can we trust password generators and online security tools

Topic

New Reply

I see a lot of advertisements for software that will automatically generate passwords. I also see similar articles that show that online security applications are being hacked. I have the suspicion that anything that is connected to the web isn’t as secure as advertised. I understand the need for good password management and using common sense when going places but I have my suspicions that many of the online tools are simply not as secure as advertised. I understand the need for encrypting files on your unit, and I follow those rules, but with eBay was hacked, I began to wonder whether or not a swan dive into the Internet is a smart thing to do. Just how safe are these password generators because when somebody says “they are perfectly safe and I have had no problem”, an article comes out maybe a week or month later saying that the service had been compromised.

Reply | Quote

Replies

MQG,

I use RoboForm Desktop, yes I don’t trust storing my PWs in the cloud, and I’m very happy with it. That said there is nothing that is uncrackable given enough time and computer power. However, I feel reasonably safe enough doing my online banking and paying bills online since all the services I use have a zero fraud clause that state I won’t be held liable for fraud. I follow very tight security practices and don’t visit the nether regions of the web so again I feel pretty secure.

YMMV
:cheers:

BTW: If you have NetFlix and want to get scared about your privacy watch the documentary “Some Conditions May Apply” it’s an eye opener!

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

Reply | Quote

Ya, most if not all of those things online that require security are at the highest level of security they’ve ever been. However, as we are continually finding out, the story behind the story, is how little the ones responsible for maintaining a clear path of security are either aware of, or are unable to strongly thwart social engineering. Much easier to trick someone into giving out a password to something or find a disgruntled employee or pay someone handsomely who was leaving their job than it is to brute force it for years and years.

If you want a no holds barred random secure password go to GRC.com and under services you should see Perfect Passwords. Many websites won’t allow such a long password but for those that will…Steve says that just using as many as a site will allow, as long as its 15 or more characters is still “darn” secure (versus some lifetime of the Earth needed to crack).

Reply | Quote

I have long since being obsessive about secure passwords. You are much more likely to have your password comprised by having the sites you use passwords or credit cards on being hacked. In this case, no password is safe. Examples are the Adobe and Ebay breaches. It is much more important to use different UserID/passwords on sensitive sites so that one breach doesn’t compromise other accounts.

Jerry

Reply | Quote

Exactly, and then you’ll have to trust one “password keeper” like RG does to “remember” all those different random passwords for you…unless you have an eidetic memory.

Reply | Quote

And don’t trust the password keep entirely…I keep a printed list in my safe JIC! And update it regularly. :cheers:

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

Reply | Quote

There should be no need to keep a printed list of passwords if you follow a few basic steps.
1. Use a manager that is portable.
2. Test that the manager will open your database on other computers.
3. Backup your database to at least 2 locations so you can always access it in the event of a disaster. A copy on the cloud is perfectly safe if you ensure your master password / key is long and complex and not stored with the database, and you don’t advertise the database location – no point in asking people to try and crack it.

Password Managers.

cheers, Paul

Reply | Quote