
Summary: To evaluate the various password managers available, I come up with desired features and a threat model. I then compare 1Password, LastPass, Enpass, KeePass, pass, iCloud Keychain, and memorization with a paper notebook as backup, and see how they each stack up in terms of security and usability.

"You really should use a proper password manager." It's something I've been telling myself for a couple of years now. I've been using a home-brew password manager I came up with a few years ago, but I'd never really invested much effort in it. It works, it's probably fairly secure (because of good crypto, but also: who's gonna attack my password manager that only I use?). I can store and retrieve passwords, but it's cumbersome. No browser extension, no mobile sync – so I end up memorizing most of my passwords anyway, which means I reuse a lot of my passwords.

But, as you might know, reusing passwords is bad. And as a cryptographer (although a theoretical one – I'm basically a mathematician), I really should know better. Of course I don't have just one: a unique one for my email, another one for my bank, one password for websites I don't care about. But that last category has by now gotten so large and I actually started to care about some of my accounts on these websites, so I need a new approach. Thus, a few days ago I decided to take action and invest some effort into finding a good password manager.

In case you're not yet fully convinced you need a password manager, let me try to convince you. (Even though for Steemit you couldn't even pick your own password, so unless your memory is really good, you're already storing that one somewhere.)

A password manager helps you avoid two pitfalls:

Reusing passwords: If you use the same password to log in to websites A and B, then if website A gets compromised (or the admin has ill intentions for you), then they can also access your account at website B.
