Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Plea For Websites To Stop Blocking Password Managers

Posted by Soulskill on from the 123456-letmein dept.

An anonymous reader writes: Password managers aren't a security panacea, but experts widely agree that it's better to use one than to have weak (but easy-to-remember) passwords. Just this week, they were listed as a tool non-experts don't use as much as experts do. I use one, and a pet peeve of mine is when a website specifically (or through bad design) interferes with the copying and pasting of a password. Thus, I appreciated this rant about it in Wired: "It's unacceptable that in an age where our lives are increasingly being played out online, and are sometimes only protected by a password, some sites deliberately stop their users from being as secure as possible, for no really justifiable reason."

4 of 365 comments (clear)

  1. Re: A plea to fuck off. by Overzeetop · · Score: 4, Interesting

    horse battery staple

    Not any more. Words are now characters. You have a 3 character password right there. Unless you're going to munge up the words with misspellings or nonalphanumerics,

    Besides, having to type in your master pass[phrase] that's 30 characters long into something like LastPass from a phone keyboard with ******** as your visual feedback every time you need to re-authorize (which should be frequent if you're being diligent) is a royal pain in the ass. Do that for a couple of days and you'll be back to 12345 out of shear frustration.

    --
    Is it just my observation, or are there way too many stupid people in the world?
  2. Re:Prioritization vs Managers by Overzeetop · · Score: 5, Interesting

    Managers are like placing all of your eggs in one basket which has been specifically designed for carrying eggs, with proper separation and cushioning against nearly all common shipping contingencies.

    Having a couple of really secure passwords and a couple of throwaways is like putting a couple of small eggs in your back pocket and carrying the big ones in your hands. Much more convenient, and only as secure as you are diligent.

    --
    Is it just my observation, or are there way too many stupid people in the world?
  3. Re:Scripts that interact with passwords fields aws by MrL0G1C · · Score: 5, Interesting

    Since my password manager is a simple piece of software - an encrypted database of my passwords that runs on my computer with the data on my computer, I'd say yes, I have no reason not to trust it. I wouldn't put my bank login details in to it though, because of vulnerabilities + trojans + keystroke-loggers.

    Trust an online password manager - hell no.

    --
    Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
  4. Re:Scripts that interact with passwords fields aws by stevel · · Score: 5, Interesting

    LastPass is no more proprietary than KeePass. The JavaScript implementation is visible. And while their server was hacked, the thieves got nothing of value since the contents of your "vault" never leave your computer unencrypted and LastPass doesn't have the key.

    I agree with the article - blocking password managers lowers security.