Posts by grandours

12 posts • joined 14 Nov 2012

What should password managers not do? Leak your passwords? What a great idea, LastPass

grandours

Re: The perfect Password

From a pedantic point of view you are correct, but you are using the term "guess" in the sense of a random selection. I am using the term to denote using some knowledge about a person to make an educated guess about what a password might be. A very simple example might be someone using their child's birthday as a password. My password-manager generated passwords have no bearing on me, anyone related to me, or anything I might dream up using my imagination. Yes, one could still "guess" one of those passwords, but the odds of doing so would be far worse than winning the Powerball jackpot. From a practical point of view, they are impossible to guess.

Incidentally, another benefit of using a password manager is when dealing with those annoying but mandatory "security questions", which do nothing but weaken security. For those, I use more password-manager generated passwords. That way, I don't have to worry about people who might know my mother's maiden name, etc., getting access to my accounts.

9
0
grandours

Re: The perfect Password

That's all well and good, but there are a number of services that still limit the length of passwords to a ridiculously short number of characters. In that type of situation, the string of words method or xkcd method is useless. Password managers allow you to generate random passwords containing a mix of upper/lower case letters, numbers and special symbols of whatever length you like, so you can have much stronger passwords than "Iamsostupidthatiforgetmypasswordsallthetime2000". Also, unless you are recommending reusing the same password across many sites, that method is not practicable for most people. I currently have 116 passwords stored in my password manager. They are all unique and impossible to guess, even by me. I don't have photographic memory, so I simply can't remember that many unique passwords. I use a password manager for everything except banking, email and Amazon. For my banking and Amazon I have 12 character impossible to guess root passwords that I've memorized and never change, and I have an additional 18 character suffix stored on a Yubikey that I can change at regular intervals. I also use 2FA wherever it's allowed. There is no perfect password solution. Whatever solution you choose to use, you have compromised to some degree on usability, convenience or security. To what degree one is willing to compromise in any one of those areas is up to each individual. Saying that one should never use a password manager is a bit like saying to an investor "no one should ever have more than 50% of one's investments in equities as they are too risky".

5
0

Are you the keymaster? Alternatives in a LogMeIn/LastPass universe

grandours
Meh

Requirements for a true LastPass replacement

In no particular order:

1) Ease of use.

2) 2FA including Google Authenticator for smartphone use and Yubikey for desktops/laptops/tablets that have a USB port.

3) Cross-platform (Win, Android, iOS, OS X, Linux)

4) Ability to install Chrome extension without administrator privileges on office workstation (Windows environment).

5) At least as secure as LastPass (obviously).

0
0

Trolls pop malformed heads above bridge to sling abuse at Tim Cook

grandours
Angel

Re: Dumb Idiots and Sexists....

Irreverent? A Freudian slip no doubt.

3
0

Doctors face tribunal over claims of plagiarism in iPhone app

grandours

I am a physician (I imagine one of the few who frequent this site). I practice in Canada, but we have a similar governing body in our jurisdiction. I don't know the precise rules for this kind of scenario, but I'm pretty sure anyone who had this type of complaint made against him or her would be sanctioned by the college. A first offence would likely involve a formal reprimand, and a mandatory ethics at one's own expense. Of course, these individuals may still face a separate copyright infringement court case.

2
0

Snowden's secure email provider Lavabit shuts down under gag order

grandours
Trollface

"...they need to learn from private prisons, defense and farming how to get Washington to do "the right thing."

and from Apple.

13
2

Typical! Google's wonder-dongle is a solution looking for a problem

grandours
Thumb Up

Useful in Canada

This will be very handy for me to access Hulu on my TV, which I can currently do on my laptop/desktop, but not on any tablet or on my TVs hooked up to a PS3 and Apple TV due to licensing restrictions. (It's technically possible to work around this with a US credit card and US mailing address, but I can't be bothered setting this up.) My laptops don't have HDMI out, so for $35, this is a bargain. I agree that in some markets this won't be overly useful.

0
0

3D printed gun plans pulled after US State Department objects

grandours
Flame

Not being an American...

I don't believe everyone has the right to own a handgun. In my country, owning a handgun is not easy. These downloadable plans make it (relatively) easy for anyone at my daughter's school to acquire one. Easy access to guns for kids is just downright stupid, and will inevitably lead to tragedy and heartbreak for many families down the road. If Americans all want to give their kids guns, that's their prerogative, but keep them the hell away from our kids. Everyone owning a gun is not a part of our culture. Americans most certainly do not have the right to distribute firearms to our kids. And please spare me the semantic arguments about how this is not the same as distributing actual guns.

0
1

Apple debuts two-step verification for Apple IDs

grandours

Re: Second Deadbolt on the Front Door

Well, it helps for those with easily solvable security questions, and for those with passwords such as "Pa55word".

0
0

Home Sec: Let us have Snoop Charter or PEOPLE WILL DIE

grandours

The new party line

They tried the same thing here in Canada, when the public safety minister said that people who are against their proposed legislation are "with the child pornographers". Fortunately, there was a huge backlash and the legislation was dumped (for now). Big brother is working hard to expand his reach.

http://www.theglobeandmail.com/news/politics/tories-on-e-snooping-stand-with-us-or-with-the-child-pornographers/article545799/

3
0

Fanbois: The Next Generation. YOUR CHILDREN belong to Apple now

grandours
Happy

This validates Apple's reputation...

as a quality toy maker. (Posted from my wife's iPad.)

3
0

Twitter simps fall for 'Obama punched a guy' vid promise scam

grandours
Windows

No need to fall for a scam...

If you want to see a head of state get rough with someone, Canada's former prime minister "the boy from Shawinigan" Jean Chretien shows how it's done for real: http://www.youtube.com/watch?v=zMBJp0yJvsY

0
0


Biting the hand that feeds IT © 1998–2017