Say goodbye to insane letter, number and symbol combos: Simplify your security with Password Boss

[Read the post]

Does it seem to anyone else that Boing Boing has recently become a place where an increasing number of 'stories' about products are posted? Sure, the occasional story about some cool new gizmo is great. But it seems like there's a relentless number of 'stories' about mundane products that are difficult to distinguish from ad copy.

5 Likes

I would say "yes". This post isn't actually a "story" at all, it is a native advertisement for Stack Social, an affiliate marketing scheme that gets various websites and blogs to post Stack Social's deeply discounted offerings as if the store is run by those websites. Boing Boing calls the Stack Social offerings (which are available at numerous other websites with Stack Social affiliation) "Boing Boing Deals" and the store "Boing Boing's Store."

I clicked over to this post from bbs.boingboing.net thinking it would be an article with a trick I could use to make strong passwords without using non-alpha characters. I did not expect a Stack Social ad. The "Show Full Post" button did not reveal the category/"author" as "Boing Boing's Store" the way clicking on the "Read the post" link does, so I was surprised to find yet another deeply discounted BB Store ad for a security product rather than a real post.

Something else you should know is that when Boing Boing staff post articles under their own bylines they include affiliate links using their personal affiliate link accounts with various companies, such as Amazon. The author receives money directly from the company they link to, and in Amazon's case, for every item you put in your cart within 24 hours of clicking on the link and complete the purchase of within 90 or so days. You don't have to buy a single thing they specifically linked to for them to make money from the link. So, if you were wondering why there seem to be a lot of posts about rather ordinary kitchen items with a link, that's why. Same goes for links to outrageous items such as the $1200 barrel of lube.

1 Like

I realize this is just an ad so there's no reason to expect it to contain information that's good for you but I don't understand why anyone would use an online password manager. Seems like a disaster waiting to happen, no matter how secure the company claims to be.

3 Likes

http://keepass.info/

https://bitbucket.org/devinmartin/keeotp/wiki/Home

http://lechnology.com/software/keeagent/

http://keefox.org/

http://inputstick.com/index.php/en/

I still haven't pulled the trigger on that last one.

2 Likes

There are plenty of reasons to use an on-line password manager. It's a matter of risk mitigation. Which is more risky? All of the easy to remember but totally insecure passwords you use around the web, or a very secure password manager that creates and manages secure passwords. Granted, an on-line password manager is a prime target for hackers. On the other hand, a password manager reduces the effectiveness of phishing attacks, because the password manager isn't fooled by similar looking URLs.

Anyway, each approach has advantages and disadvantages. Nothing is perfect. However, if I'm going to use a password manager it needs to be rock solid with deep understanding of security, and that understanding is something only a professional audit can ensure. I'm not especially inclined to base my internet security on deep affiliate marketing discounts. But, at least this product is real does get 4 out of 5 stars from PC Magazine. Even so, I think I'll go with the 5 out of 5 stars products, one that has Mac support, and not an "All Sales Final" deal.

What worries me about Password Boss is they use phrases like "Bank Grade Encryption" as that really feels lame. Yes, they claim to be using 256bit AES but I would like to know how they implemented their setup.

At least with a company like Last Pass they have been tested and extremely open on how their system works and they deal properly and openly about problems.

I would like to see an audit of this service.

1 Like

I'm only suggesting people should consider using an offline password manager (like Keepass). Granted it's not as convenient but it's really not that bad in practice.

When was the last time that Keepass had a security audit?

Security is generally a trade off between security and convenience. I found keepass on my mac to be way too awkward and inconvenient for me to use regularly.

I'm not finding anything definitive, but here's what a quick search turned up:

http://keepass.info/help/base/security.html

https://news.ycombinator.com/item?id=9727297

I don't find any evidence of an organized audit. Short of finding a firm to do it for free, they would likely need to raise funds to do so. I would be happy to support that effort if they wanted to go that way.

Leaving aside the point that this sentence makes no sense (how can A be a tradeoff between A and B?) it really depends on what you're storing.

A - My passwords for BB, Disqus, Slashdot - yeah, not a world ending event if they are compromised
B - My credit card numbers, Amazon/Newegg signins and Paypal passwords - not world ending if I find out about any disclosure AS bloody AP.
C - My banking and investment accounts - I want them protected as well as I do my eyeballs.

I find that KeePass, running inside my computer's HDD (which is TrueCrypted at the root level, with a keyfile that's not stored on the computer) is just about right. I would put all my passwords in one place on the "cloud" about as readily as I would leave my wedding band on a sink in a Bronx men's room.

Sorry, but security really is generally a trade off between security and convenience...

Simple example. Having no passwords is more convenient for me. But less secure. 3 factor authentication for every website and different random passwords for each and every website would be more secure, but less convenient.

Likewise, an on-line password vault synched across all my devices is much more convenient than a local password vault, but is also potentially less secure.

Your own choices are based on your personal choice where on the convenience/security continuum you are comfortable with. You are willing to give up some convenience (such as online storage) for increased security.

1 Password & Last Pass both are pretty good.
Dashlane wasn't so great.

This looks pretty but I don't see any reason to choose it over more established competition.

1 Like

This topic was automatically closed after 5 days. New replies are no longer allowed.