DIYbanter - View Single Post - Storing passwords and associated security questions - X-post

David

On Thu, 27 Apr 2017 23:40:04 +0100, Nick wrote:

On 24/04/2017 16:18, Theo wrote:
In uk.d-i-y Jaimie Vandenbergh wrote:
A folder of text files or even password-locked Excel sheet on a cloud
drive or USB isn't quite the same thing, security wise...

Indeed. Keeping the passwords secure in memory is hard, and any
homebrew solution is likely to do it wrong. Use something designed for
the job by people who know what they're doing.

If you are an unimportant single person I'm not convinced.

For an unimportant person it is unlikely anyone will invest any time
cracking your home brew solution, as long as it is in some way non
standard. It doesn't have to be particularly good just quirky.

On the other hand malicious third parties will invest considerable
efforts trying to crack a standard widely used solution, even a well
designed one is vulnerable. If one of these systems is cracked your
account and details may be caught as one of millions exposed.

Yes, this is my main concern.

Something like LastPass is found to have a vulnerability and exploits will
be all over the place on the web.

If you have an encrypted USB stick (with your own choice of encryption
software) then you are mainly vulnerable to someone finding/stealing it
and deciding to brute force it.

Security by obscurity isn't the greatest approach but it does have some
advantages.

Cheers

Dave R

--
AMD FX-6300 in GA-990X-Gaming SLI-CF running Windows 7 Pro x64

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus