maccored wrote: » isnt the idea of a password manager a bit silly? All anyone needs to know then is the password to your password manager.
Send In The Robots wrote: » Agree, and wasn't one of those major password site managers on the news as being hacked recently making it a null option.
....... wrote: » This post has been deleted.
Alun wrote: » Not really. The master password isn't stored anywhere accessible to an attacker, it's used locally to scramble your passwords before uploading to the password manager server, and the password manager company themselves don't know your master password either. Plus any potential hacker has to log in to the password manager in the first place and there are all kinds of hurdles you can put in the way of that happening such as device restrictions, 2FA and geographic limits.
Send In The Robots wrote: » Can't link but 'OneLogin' was on the news recently, it suffered a serious data breach.
maccored wrote: » a password you make up that can get hacked is also not 'stored anywhere accessible to an attacker'. A bad password is a bad password, so if you have a crap password for a password manager then the hacker has a list to all the other account passwords. how they get to the password manager etc etc is totally irrelevant
stimpson wrote: »
spoonbadger wrote: » If I searched your hard drive for the username or email of an account of yours I wanted the password for, would I find that file
Deise Vu wrote: » I don't really understand the question. My email user name, as an example, would be contained within the excel file which is password protected but it obviously wouldn't appear in the excel file name. Is it the case that forensic searches can bypass file encryption and drill into the files? (Genuine question again!). My email user name will also appear on a million emails going in and out but very few excel files I suppose.
stimpson wrote: » What version of Excel?
Deise Vu wrote: » Someone would have to hack into our system, locate the file (which has a harmless sounding name),and break the encryption.
Is that less safe than trusting some anonymous corporation in Cyber Space as most of the techies here seem to have done? (That's a genuine question, I'm not being smart assed, I consider myself tech-savvy but am most definitely not a tech).
Hotblack Desiato wrote: » All very easily done and it only takes one phishing email sent to a user of an unpatched system to manage it - all your files can be sucked down to the attacker's system and examined at their leisure for juicy stuff. Although it's usually a lot more lucrative for them these days to just encrypt your files and look for a ransom... Office encryption is not really encryption, think of it as one of those novelty 'padlocks' you get in a christmas cracker. Absolutely trivial to crack open.
Hotblack Desiato wrote: » Whatever about the others KeePass isn't an anonymous corporation, it's an open source project and you retain your password store yourself (although you could put it on a cloud service if you wanted.) ALL software has flaws and ALL software must be patched promptly when flaws are discovered. Amateur admins who don't know what they are doing and don't like patching will sooner or later get caught out badly, and it only takes one bad cybercrime incident to destroy a business for good.
Gone Drinking wrote: » Don't understand password managers, you've one password then for all your passwords. What if someone looks over your shoulder and sees it, or puts a key logger on your machine? Just never understood it.
Deise Vu wrote: » Office 2010. Version 14.0.7128.500 (32Bit) I got fed up with the constant change for the sake of it and never upgraded since. Don't tell me I have to cave in now?
Deise Vu wrote: » Thanks for all the suggestions guys but at the end of the day, I am not looking for security solutions, my point is that for ordinary, every day people e-commerce in all it's various forms will collapse unless someone comes up with something unique and, preferably, biometric, that can be transferred across all technologies. Looking back on the thread I think it would be fair to say that Joe Soap has too many simple and exposed passwords while Joe Hacker is getting ever more sophisticated. That can only end one way and that's very, very badly.