Fixing C's Biggest Mistake
Don Allen
donaldcallen at gmail.com
Mon Jan 9 15:12:41 UTC 2023

On Monday, 9 January 2023 at 03:02:31 UTC, Walter Bright wrote:
> On 1/8/2023 5:44 PM, Steven Schveighoffer wrote:
>> Everyone today should use a password manager, whether it's
>> cloud based or not.
>
> Yes, because password managers are perfect software, unlike
> every other piece of software on the planet.
>
> I heard today that Pegasus can read WhatsApp encrypted
> communications. If Pegasus can do it, anybody can.
>
>
>
>> And the *most important rule* is to not use a previous
>> password as your master password.
>
> A master password is a single point of failure.

So is an airplane (despite the internal redundancies, the whole
system can fail, e.g., the 737 rudder actuator failures), and yet
we fly. That something is a single point of failure is,
considered alone, not an argument against its use. The decision
to use or not should be based on a weighing of the benefits vs
the risk/cost (probability of failure and its cost).

As for LastPass, I was a user, with a long-enough random password
drawn from a large enough character set resulting in > 10^15
possibilities. A key that hard to find by brute force gets the
risk low enough for me so I can enjoy the benefit of having
access to my passwords from all my devices and share them with my
wife and vice-versa. What's the alternative? An encrypted
spreadsheet? Unworkable.

I will say, though, that I have cancelled my LastPass
subscription and migrated to 1Password, because I think the way
LastPass handled this was dishonest.