[ale] passwords

Michael B. Trausch mike at trausch.us
Sat Feb 12 15:16:34 EST 2011


On Sat, 2011-02-12 at 11:47 -0500, Michael H. Warfield wrote:
> Even federated ID systems, such as SecureID have come under attack as
> well as some 2-factor authentication such as SecureID, cell phone text
> system, and even smart cards.  A one time password system such as
> S/KEY or OPIE would be nice, but I don't see any becoming popular
> anytime soon.  Short of that, a well protected password safe that
> convenient to use with a good password generator is about the best you
> can hope for. 

That's pretty much what I do.  I keep an encrypted database on my phone
which I use.

Ideally, what I'd really like is an encrypted database that I can access
via a network, such that it's accessed over an encrypted channel, and
that way I'm not dependent on my phone for access to my passwords.

Another downside to the program that I am using is that I have to back
it up 100% manually in order to retain any security from it; it doesn't
backup the encrypted database.  It backs up the password store as a
plaintext XML file.  Sigh.

I generate all of my passwords using a Password Card [0].  The password
card number is also stored in my encrypted passwords database, so that
if I lose access to it, I can always recreate it.

I've even managed to start memorizing the passwords that I use
frequently.

	--- Mike

[0] http://www.passwordcard.org/en
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20110212/4afe0ff4/attachment.bin 


More information about the Ale mailing list