Passwords are a pain.
- Almost every website has its own registration mechanism, where you have to use yet another password
- The number of passwords needed leads to password reuse
- Nowadays, if you have someone's Facebook account name, you can look them up on StudiVZ, Xing, Gmail, Yahoo, Battle.net, Steam, etc.
- Result: Passwords are not that safe
If one account gets compromised, many other accounts will get compromised too.
For the last year I used KeePass. All my passwords were stored in an encrypted database, and this was synced via Dropbox so that on each PC I was using, I had the same passwords. As Dropbox is free for 2GB of storage, this is a totally free solution.
However, there are some downsides:
- Passwords are mostly used inside the browser, and you have to switch between programs to insert the credentials into the forms
- KeePass does not have really good browser integration
- On mobile devices like the iPad, Android phones, etc., this is not very usable
My new solution: LastPass.com
- Lets you store your passwords online in the cloud
- Integrates extremely well into Chrome, Firefox and other browsers
Example: when I go to facebook.com, the plugin checks if I am logged in. If not, it automatically logs in. Simple, isn’t it?
- Usable on mobile devices too, like the iPad, iPhone, Android, BlackBerry, etc.
- Normally, it's free. But if you need more functionality, it costs $12 annually, which is quite affordable.
The only thing I thought about was: what's the downside? Hm, maybe that someone else stores my passwords? Yes, that is a problem. So, what does this company do to avoid misuse of their data?
Encryption and decryption of the passwords takes place on the local machine using JavaScript or a C++ AES algorithm. http://lastpass.com/whylastpass_technology.php
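What local encryption means for the stored data, as an added example (not code from this post or from LastPass): the vault is encrypted with a key derived from the master password on the local machine, so the sync service only ever holds ciphertext. PBKDF2 with these parameters, AES-256-GCM, the function names and Node.js `crypto` standing in for browser JavaScript are all assumptions; the page only says that AES runs locally.

```javascript
const { pbkdf2Sync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Assumed KDF cost; the page does not say how the AES key is derived.
const KDF_ITERATIONS = 100000;

// Derive the AES-256 key locally. Neither the master password nor the key is uploaded.
function deriveKey(masterPassword, salt) {
  return pbkdf2Sync(masterPassword, salt, KDF_ITERATIONS, 32, 'sha256');
}

// Encrypt the whole vault. The returned record is everything a sync server would store.
function encryptVault(masterPassword, entries) {
  const salt = randomBytes(16);
  const iv = randomBytes(12); // fresh nonce for every encryption
  const cipher = createCipheriv('aes-256-gcm', deriveKey(masterPassword, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(JSON.stringify(entries), 'utf8'), cipher.final()]);
  return {
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ciphertext: ciphertext.toString('base64'),
  };
}

// Decrypt locally. Returns null if the master password is wrong or the record was altered.
function decryptVault(masterPassword, record) {
  try {
    const key = deriveKey(masterPassword, Buffer.from(record.salt, 'base64'));
    const decipher = createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'base64'));
    decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
    const plain = Buffer.concat([
      decipher.update(Buffer.from(record.ciphertext, 'base64')),
      decipher.final(), // throws when the GCM tag does not verify
    ]);
    return JSON.parse(plain.toString('utf8'));
  } catch (err) {
    return null;
  }
}

// Constructed sample vault.
const entries = [{ site: 'example.com', username: 'alice', password: 'correct horse battery staple' }];
const stored = encryptVault('my master password', entries);
console.log('server sees:', stored);
console.log('right password:', decryptVault('my master password', stored));
console.log('wrong password:', decryptVault('wrong guess', stored));
```

In this model the strength of the master password and the cost of the key derivation decide how well the stored blob resists offline guessing if the service is breached.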