Jump to content

Help Me With My Security? :)


Daniel B

Recommended Posts

So...I just decided to get with the times and secure my passwords...because I fail and use the same few passwords for like 300 websites.

 

If anyone else is interested in PasswordBox (system to manage all of your passwords), I'd love if you could sign up with my referral link.  I don't get any money or anything out of it, I just get a free unlimited account once I get 5 referrals.  After I get 5 referrals I'm going to remove my link and someone else can post theres if they want :)

 

http://j.pbox.io/noYhb3NM

Link to comment
Share on other sites

Advice: dont put all the eggs in the same bagg ;)

The big problem is, it only needs one password to get them all :)

Memorise, memorise, encrypt a usb pen or microsd and store them. Is more safe ;)

Dont forget of you dont remember a password you always have a chance to recover without any cloud storage.

Just remember the recent "Fappening" from the Apple lol

Link to comment
Share on other sites

Advice: dont put all the eggs in the same bagg ;)

The big problem is, it only needs one password to get them all :)

Memorise, memorise, encrypt a usb pen or microsd and store them. Is more safe ;)

Dont forget of you dont remember a password you always have a chance to recover without any cloud storage.

Just remember the recent "Fappening" from the Apple lol

 

memorizing 300+ 18 character randomized passwords...or putting them into a usb pen is a lot less secure than using a system like this in my opinion.  It's got a master password + 2 factor authenication (soon)...so the security is fine in my eyes.  And makes it easy to then have random passwords for EVERYTHING :).

 

Some information if you feel like taking the time to read: https://www.passwordbox.com/media/Security-White-Paper-v1.8.pdf

Shorter version: https://www.passwordbox.com/security

Link to comment
Share on other sites

Suit yourselves, I feel perfectly safe with it.  All passwords are encrypted client-side using AES 256...that's secure enough for me :).  Not to mention the other levels of encryption on their end of things as well.

 

Once they get 2 Factor Auth completed, it'll be even better. (though I must admit, I thought they had it already).

 

However, I have to say...even if you don't want to use it...feel free to sign up real quick even if you never sign in again :).

Link to comment
Share on other sites

I already use LastPass, and am switching from it to PasswordBox as I think it's going to be a pretty nice competitor to LastPass....dev team seems very responsive from what I've seen.

 

Problem with using the USB options completely defeat the entire reason I'm going with this solution.  Ease of use, on multiple platforms, including mobile (I don't have a USB slot on my mobile...:))

Link to comment
Share on other sites

Suit yourselves, I feel perfectly safe with it.  All passwords are encrypted client-side using AES 256...that's secure enough for me :).  Not to mention the other levels of encryption on their end of things as well.

 

Once they get 2 Factor Auth completed, it'll be even better. (though I must admit, I thought they had it already).

 

However, I have to say...even if you don't want to use it...feel free to sign up real quick even if you never sign in again :).

I did sign up.... I may buy a premium for 1 month as well just to see If my trust would grow.  ;)

Link to comment
Share on other sites

I would use something like KeePassX to strore your credentials securely on a USB drive. I would encrypt the drive as well.

 

You could also use something a bit easier like LastPass with 2Factor-Auth and the other security settings they have in place.

 

+1 for LastPass.

 

I already use LastPass, and am switching from it to PasswordBox as I think it's going to be a pretty nice competitor to LastPass....dev team seems very responsive from what I've seen.

 

Problem with using the USB options completely defeat the entire reason I'm going with this solution.  Ease of use, on multiple platforms, including mobile (I don't have a USB slot on my mobile... :))

 

I need to go check out PasswordBox now.  What is it that you like about them over LastPass?

Link to comment
Share on other sites

+1 for LastPass.

 

 

I need to go check out PasswordBox now.  What is it that you like about them over LastPass?

 

The system just seems more userfriendly to me, looks a bit sleeker.  The devs seemed a bit more responsive to requests in the community from what I saw.  It doesn't have all of the features that LastPass has (be then it does have a few that LastPass doesn't).  They are still working on adding 2 Factor auth which is a bit of a downfall at the momemt...but hopefully that will be soon.

 

I already use LastPass, and just saw PasswordBox today so figured I'd check it out.  One reason was it seems to interface with mobile easier than lastpass (and once I get 5 referrals it's unlimited passwords for free and free mobile app is nice).  Though...even with out that they are both only $12 a year for all that...so not really a price factor to speak of.

Link to comment
Share on other sites

The system just seems more userfriendly to me, looks a bit sleeker.  The devs seemed a bit more responsive to requests in the community from what I saw.  It doesn't have all of the features that LastPass has (be then it does have a few that LastPass doesn't).  They are still working on adding 2 Factor auth which is a bit of a downfall at the momemt...but hopefully that will be soon.

User friendly isn't always a good thing, LastPass is miles ahead of what I see from PasswordBox in terms of security. Have you found any research papers dealing with PasswordBox? If not I wouldn't touch it no matter how pretty it was.

Link to comment
Share on other sites

Yeah, after only using it for a day I'm probably not going to keep using it for much more than a few more days to continue testing.  Syncing seems to be a bit iffy...and the mobile support is a bit annoying, requiring use of it's built in browser rather than other ones on the phone.  More of a useability issue for me than a security issue...because from everything I've read, and I've read all the indepth nitty gritty details myself...the security isn't "miles behind" any of the other ones (other than lack of 2 factor auth...which is actually a pretty big issue though).

Link to comment
Share on other sites

I'm not a fan of cloud storage of passwords. If the data is compromised, it could potentially be brute forced. It's also possible that a vulnerability in the encryption algorithm might be discovered in the future. I use a password manager, but the data is only stored on my devices. I could be robbed, but A. that's too much work for 1 set of passwords, and B. hackers prefer to work in the comfort of their parents basements.

Link to comment
Share on other sites

For you all :)

 

We are developping an native APP for Android/iPhone/Windows Mobile to store localy on the device all sencetive data, and we are trying to implement some of the best encryption metods, and also a 2 factor autentication, in the case of the device is stollen :)

 

The best part, is all local, encrypted and with two factor autentication (we are thinking on Face Recognition + Touch Puzzle or Touch Puzzle + Password, after 10 times rong, the data is destroyed) but in this case we will sell the APP but for a very small fee :)

Link to comment
Share on other sites

I'm not a fan of cloud storage of passwords. If the data is compromised, it could potentially be brute forced. It's also possible that a vulnerability in the encryption algorithm might be discovered in the future. I use a password manager, but the data is only stored on my devices. I could be robbed, but A. that's too much work for 1 set of passwords, and B. hackers prefer to work in the comfort of their parents basements.

 

What do you use?  I've been thinking about using a local only manager...but how do you manage on your mobile devices?

Link to comment
Share on other sites

I'm not a fan of cloud storage of passwords. If the data is compromised, it could potentially be brute forced. It's also possible that a vulnerability in the encryption algorithm might be discovered in the future. I use a password manager, but the data is only stored on my devices. I could be robbed, but A. that's too much work for 1 set of passwords, and B. hackers prefer to work in the comfort of their parents basements.

Though I agree with you, if your passwords can be brute forced before you find out the storage was hacked than you are using insecure passwords. Ideally they should be complex enough so if someone gets the hash it would take years to crack.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...