Say goodbye to insane letter, number and symbol combos: Simplify your security with Password Boss

[Read the post]

Does it seem to anyone else that Boing Boing has recently become a place where an increasing number of ā€˜stories’ about products are posted? Sure, the occasional story about some cool new gizmo is great. But it seems like there’s a relentless number of ā€˜stories’ about mundane products that are difficult to distinguish from ad copy.

5 Likes

I would say ā€œyesā€. This post isn’t actually a ā€œstoryā€ at all, it is a native advertisement for Stack Social, an affiliate marketing scheme that gets various websites and blogs to post Stack Social’s deeply discounted offerings as if the store is run by those websites. Boing Boing calls the Stack Social offerings (which are available at numerous other websites with Stack Social affiliation) ā€œBoing Boing Dealsā€ and the store ā€œBoing Boing’s Store.ā€

I clicked over to this post from bbs.boingboing.net thinking it would be an article with a trick I could use to make strong passwords without using non-alpha characters. I did not expect a Stack Social ad. The ā€œShow Full Postā€ button did not reveal the category/ ā€œauthorā€ as ā€œBoing Boing’s Storeā€ the way clicking on the ā€œRead the postā€ link does, so I was surprised to find yet another deeply discounted BB Store ad for a security product rather than a real post.

Something else you should know is that when Boing Boing staff post articles under their own bylines they include affiliate links using their personal affiliate link accounts with various companies, such as Amazon. The author receives money directly from the company they link to, and in Amazon’s case, for every item you put in your cart within 24 hours of clicking on the link and complete the purchase of within 90 or so days. You don’t have to buy a single thing they specifically linked to for them to make money from the link. So, if you were wondering why there seem to be a lot of posts about rather ordinary kitchen items with a link, that’s why. Same goes for links to outragious items such as the $1200 barrel of lube.

1 Like

I realize this is just an ad so there’s no reason to expect it to contain information that’s good for you but I don’t understand why anyone would use an online password manager. Seems like a disaster waiting to happen, no matter how secure the company claims to be.

3 Likes

http://keepass.info/

https://bitbucket.org/devinmartin/keeotp/wiki/Home

http://lechnology.com/software/keeagent/

http://keefox.org/

http://inputstick.com/index.php/en/

I still haven’t pulled the trigger on that last one.

2 Likes

There are plenty of reasons to use an on-line password manager. It’s a matter of risk mitigation. Which is more risky? All of the easy to remember but totally insecure passwords you use around the web, or a very secure password manager that creates and manages secure passwords. Granted, an on-line password manager is a prime target for hackers. On the other hand, a password manager reduces the effectiveness of phishing attacks, because the password manager isn’t fooled by similar looking URLs.

Anyway, each approach has advantages and disadvantages. Nothing is perfect. However, if I’m going to use a password manager it needs to be rock solid with deep understanding of security, and that understanding is something only a professional audit can insure. I’m not especially inclined to base my internet security on deep affiliate marketing discounts. But, at least this product is real does get 4 out of 5 stars from PC Magazine. Even so, I think I’ll go with the 5 out of 5 stars products, one that has Mac support, and not an ā€œAll Sales Finalā€ deal.

What worries me about Password Boss is they use phrases like ā€œBank Grade Encryptionā€ as that really feels lame. Yes, they claim to be using 256bit AES but I would like to know how they implemented their setup.

At least with a company like Last Pass they have been tested and extremely open on how their system works and they deal properly and openly about problems.

I would like to see an audit of this service.

1 Like

I’m only suggesting people should consider using an offline password manager (like Keepass). Granted it’s not as convenient but it’s really not that bad in practice.

When was the last time that Keepass had a security audit?

Security is generally a trade off between security and convenience. I found keepass on my mac to be way too awkward and inconvenient for me to use regularly.

I’m not finding anything definitive, but here’s what a quick search turned up:

http://keepass.info/help/base/security.html

https://news.ycombinator.com/item?id=9727297

I don’t find any evidence of an organized audit. Short of finding a firm to do it for free, they would likely need to raise funds to do so. I would be happy to support that effort if they wanted to go that way.

Leaving aside the point that this sentence makes no sense (how can A be a tradeoff between A and B?) it really depends on what you’re storing.

A - My passwords for BB, Disqus, Slashdot - yeah, not a world ending event if they are compromised
B - My credit card numbers, Amazon/Newegg signins and Paypal passwords - not world ending if I find out about any disclosure AS bloody AP.
C - My banking and investment accounts - I want them protected as well as I do my eyeballs.

I find that KeePass, running inside my computer’s HDD (which is TrueCrypted at the root level, with a keyfile that’s not stored on the computer) is just about right. I would put all my passwords in one place on the ā€œcloudā€ about as readily as I would leave my wedding band on a sink in a Bronx men’s room.

Sorry, but security really is generally a trade off between security and convenience…

Simple example. Having no passwords is more convenient for me. But less secure. 3 factor authentication for every website and different random passwords for each and every website would be more secure, but less convenient.

Likewise, an on-line password vault synched across all my devices is much more convenient than a local password vault, but is also potentially less secure.

Your own choices are based on your personal choice where on the convenience/security continuum you are comfortable with. You are willing to give up some convenience (such as online storage) for increased security.

1 Password & Last Pass both are pretty good.
Dashlane wasn’t so great.

This looks pretty but i don’t see any reason to choose it over more established competition.

1 Like

This topic was automatically closed after 5 days. New replies are no longer allowed.