[ale] passwords
Michael B. Trausch
mike at trausch.us
Sat Feb 12 15:16:34 EST 2011
On Sat, 2011-02-12 at 11:47 -0500, Michael H. Warfield wrote:
> Even federated ID systems, such as SecureID have come under attack as
> well as some 2-factor authentication such as SecureID, cell phone text
> system, and even smart cards. A one time password system such as
> S/KEY or OPIE would be nice, but I don't see any becoming popular
> anytime soon. Short of that, a well protected password safe that
> convenient to use with a good password generator is about the best you
> can hope for.
That's pretty much what I do. I keep an encrypted database on my phone
which I use.
Ideally, what I'd really like is an encrypted database that I can access
via a network, such that it's accessed over an encrypted channel, and
that way I'm not dependent on my phone for access to my passwords.
Another downside to the program that I am using is that I have to back
it up 100% manually in order to retain any security from it; it doesn't
backup the encrypted database. It backs up the password store as a
plaintext XML file. Sigh.
I generate all of my passwords using a Password Card [0]. The password
card number is also stored in my encrypted passwords database, so that
if I lose access to it, I can always recreate it.
I've even managed to start memorizing the passwords that I use
frequently.
--- Mike
[0] http://www.passwordcard.org/en
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20110212/4afe0ff4/attachment.bin
More information about the Ale
mailing list