Does it seem to anyone else that Boing Boing has recently become a place where an increasing number of "stories" about products are posted? Sure, the occasional story about some cool new gizmo is great. But it seems like there's a relentless number of "stories" about mundane products that are difficult to distinguish from ad copy.
I would say "yes". This post isn't actually a "story" at all, it is a native advertisement for Stack Social, an affiliate marketing scheme that gets various websites and blogs to post Stack Social's deeply discounted offerings as if the store is run by those websites. Boing Boing calls the Stack Social offerings (which are available at numerous other websites with Stack Social affiliation) "Boing Boing Deals" and the store "Boing Boing's Store."
I clicked over to this post from bbs.boingboing.net thinking it would be an article with a trick I could use to make strong passwords without using non-alpha characters. I did not expect a Stack Social ad. The "Show Full Post" button did not reveal the category/"author" as "Boing Boing's Store" the way clicking on the "Read the post" link does, so I was surprised to find yet another deeply discounted BB Store ad for a security product rather than a real post.
Something else you should know is that when Boing Boing staff post articles under their own bylines they include affiliate links using their personal affiliate link accounts with various companies, such as Amazon. The author receives money directly from the company they link to, and in Amazon's case, for every item you put in your cart within 24 hours of clicking on the link and complete the purchase of within 90 or so days. You don't have to buy a single thing they specifically linked to for them to make money from the link. So, if you were wondering why there seem to be a lot of posts about rather ordinary kitchen items with a link, that's why. Same goes for links to outrageous items such as the $1200 barrel of lube.
I realize this is just an ad so there's no reason to expect it to contain information that's good for you but I don't understand why anyone would use an online password manager. Seems like a disaster waiting to happen, no matter how secure the company claims to be.
https://bitbucket.org/devinmartin/keeotp/wiki/Home
http://lechnology.com/software/keeagent/
http://inputstick.com/index.php/en/
I still haven't pulled the trigger on that last one.
There are plenty of reasons to use an on-line password manager. It's a matter of risk mitigation. Which is more risky? All of the easy to remember but totally insecure passwords you use around the web, or a very secure password manager that creates and manages secure passwords. Granted, an on-line password manager is a prime target for hackers. On the other hand, a password manager reduces the effectiveness of phishing attacks, because the password manager isn't fooled by similar looking URLs.
Anyway, each approach has advantages and disadvantages. Nothing is perfect. However, if I'm going to use a password manager it needs to be rock solid with deep understanding of security, and that understanding is something only a professional audit can ensure. I'm not especially inclined to base my internet security on deep affiliate marketing discounts. But, at least this product is real and does get 4 out of 5 stars from PC Magazine. Even so, I think I'll go with the 5 out of 5 stars products, one that has Mac support, and not an "All Sales Final" deal.
What worries me about Password Boss is they use phrases like "Bank Grade Encryption" as that really feels lame. Yes, they claim to be using 256bit AES but I would like to know how they implemented their setup.
At least with a company like Last Pass they have been tested and extremely open on how their system works and they deal properly and openly about problems.
I would like to see an audit of this service.
I'm only suggesting people should consider using an offline password manager (like Keepass). Granted it's not as convenient but it's really not that bad in practice.
When was the last time that Keepass had a security audit?
Security is generally a trade off between security and convenience. I found keepass on my mac to be way too awkward and inconvenient for me to use regularly.
I'm not finding anything definitive, but here's what a quick search turned up:
http://keepass.info/help/base/security.html
https://news.ycombinator.com/item?id=9727297
I don't find any evidence of an organized audit. Short of finding a firm to do it for free, they would likely need to raise funds to do so. I would be happy to support that effort if they wanted to go that way.
Leaving aside the point that this sentence makes no sense (how can A be a tradeoff between A and B?) it really depends on what you're storing.
A - My passwords for BB, Disqus, Slashdot - yeah, not a world ending event if they are compromised
B - My credit card numbers, Amazon/Newegg signins and Paypal passwords - not world ending if I find out about any disclosure AS bloody AP.
C - My banking and investment accounts - I want them protected as well as I do my eyeballs.
I find that KeePass, running inside my computer's HDD (which is TrueCrypted at the root level, with a keyfile that's not stored on the computer) is just about right. I would put all my passwords in one place on the "cloud" about as readily as I would leave my wedding band on a sink in a Bronx men's room.
Sorry, but security really is generally a trade off between security and convenience...
Simple example. Having no passwords is more convenient for me. But less secure. 3 factor authentication for every website and different random passwords for each and every website would be more secure, but less convenient.
Likewise, an on-line password vault synched across all my devices is much more convenient than a local password vault, but is also potentially less secure.
Your own choices are based on your personal choice where on the convenience/security continuum you are comfortable with. You are willing to give up some convenience (such as online storage) for increased security.
1 Password & Last Pass both are pretty good.
Dashlane wasn't so great.
This looks pretty but I don't see any reason to choose it over more established competition.