Fwd: confirm 9a85e83e9531356d37cfd8581573d167b99c16f8

[Steven Schveighoffer]

On Fri, 11 Apr 2014 17:40:36 -0400, Walter Bright  
<newshound2 at digitalmars.com> wrote:

> On 4/11/2014 9:55 AM, Steven Schveighoffer wrote:
>> On Fri, 11 Apr 2014 12:42:31 -0400, Walter Bright  
>> <newshound2 at digitalmars.com>
>> wrote:
>>
>>> On 4/11/2014 5:18 AM, Steven Schveighoffer wrote:
>>>> If, after the last year of hacking, and the heartbleed bug, people  
>>>> are not using
>>>> password tracker/generators, you haven't learned anything :)
>>>
>>> But those pw managers are a single point of failure. One mistake and  
>>> you've
>>> compromised or lost everything.
>>
>> What mistake?
>
> Having a single password for everything. Heck, you could simply forget  
> that password.

There are dual-factor authentication options, including hardware-based  
ones.

Forgetting the password is unlikely. I only have to remember one.

>>> If your machine it is installed on is stolen, you've lost all your  
>>> passwords.
>>> Etc.
>>
>> Read about LastPass. Your last-pass vault is encrypted and stored in  
>> the cloud.
>
> Or there could be a bug in LastPass that makes it crackable. Not like  
> something like that has never happened before (cough, cough), again, a  
> single point of failure and everything is lost.

Again, read up.

> I remember a while back about someone with a Mac password vault lost his  
> whole online life when the vault got compromised.

I'm sure there are a couple anecdotes about people who aren't very careful  
with their master password. I'm also quite sure the number of people who  
use the same password everywhere that have been compromised is far greater.

I'm not one who has the memory for remembering lots of passwords, so this  
is a much better solution for me. I used to be one of those who uses the  
same password everywhere. Not any more. I still think the password  
manager's drawbacks are not as bad as the alternative's.

-Steve