[clug] Adobe Password Breach

Hal Ashburner hal at ashburner.info
Tue Nov 5 15:42:17 MST 2013


On 6 November 2013 08:54, Craig Small <csmall at enc.com.au> wrote:

> On Tue, Nov 05, 2013 at 09:19:02PM +1100, Sam Couter wrote:
> > Hal Ashburner <hal at ashburner.info> wrote:
> > > given you don't want them on your phone
> >
> > Sure you do, then you have access to them wherever you take your phone,
> > which is... everywhere, right? Just make sure you use a decent master
> > passphrase.
> I use awallet myself but there are a few good ones.  It needs to have
> a master passphrase and of course encrypted store.
>
> The thing about a password keeper is the incremental effort for
> the next unique password for the next website that needs one is pretty
> minimal. That means you generally use unique passwords more and they're
> truly unique, not just blahMSN, blahAdobe, blahGmail etc which people
> can have a good go at guessing.
>

Cool. Some random questions occur to me:

How do you back that up so if you lose your phone you're not stuffed when
you need to do some banking in a hurry as your wallet was stolen too?
Or you want to change phones, or use a real computer because using the
phone for much beyond casual browsing is a royal pain.
Can you dump the encrypted store and import into an equivalent program on
your laptop?  Then what happens if you add one password to your phone and a
different site and password to your laptop - are they smart enough not to
clobber?
Can they cope with these moronic websites, like say, your bank that insist
on "at least one number, one piece of punctuation but no more than 8
characters" because they, um, why do they limit the size? Because they're
not storing hashes but actually store the palintext password on their
database? Really? Or they just can't program?

Is it better than a master list created with a text editor on a remote box
that you store gpg encrypted and can backup? (I'm not doubting or being
cynical btw, I'm asking as I don't know and you've got the experience I
lack).


More information about the linux mailing list