The Combinations of Software

  • Eric M Russell - Friday, July 20, 2018 7:06 AM

    I have a password manager app on my phone, but I don't enter the entire password, only a shorter tokenized version. For example, instead of "GreenDay!871", I'll enter "G*871". That way if the app were to be hacked, I'm not losing all the family jewels.

    Well, what happens when the *server* gets hacked? That's the real danger.

  • roger.plowman - Friday, July 20, 2018 7:32 AM

    Eric M Russell - Friday, July 20, 2018 7:06 AM

    I have a password manager app on my phone, but I don't enter the entire password, only a shorter tokenized version. For example, instead of "GreenDay!871", I'll enter "G*871". That way if the app were to be hacked, I'm not losing all the family jewels.

    Well, what happens when the *server* gets hacked? That's the real danger.

    The password manager I use doesn't store the database file on any server, unless I configure it to back up or share to my personal iCloud or OneDrive. What I meant in my previous post is that ALL the passwords I keep in my password manager are tokenized, so even if someone did get hold of the encrypted database file located on my phone, and even if they could decrypt it, they still wouldn't have usable passwords, because the full passwords are never stored in the app. There is a web browser feature built into the app intended to navigate the user to the website login pages, and the developers of the app could potentially leverage that to capture login credentials, but I don't use the app's browser; I only use the app to get password hints. By not using the app in the way it was fully intended, I'm sacrificing convenience for more security. Convenience versus security: that's a trade-off.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
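The tokenized-hint scheme described in the post above ("GreenDay!871" stored as "G*871"), worked through as an added example. This is not code from the thread or from any password manager app; it assumes a hint format of first character, a single `*`, and the last three characters, a 95-symbol printable-ASCII alphabet for the hidden part, and a small constructed wordlist. It shows what a hint reveals to someone who obtains the decrypted database: the exact prefix and suffix, and therefore both how much brute force remains for a random middle and how sharply the hint prunes a wordlist when the middle is a dictionary word.

```python
from __future__ import annotations

import math

# Constructed example values taken from the post; not real credentials.
FULL_PASSWORD = "GreenDay!871"


def make_hint(password: str, keep_prefix: int = 1, keep_suffix: int = 3) -> str:
    """Reduce a password to its first `keep_prefix` and last `keep_suffix`
    characters with one '*' standing in for the hidden middle.
    The 1-character / 3-character split is an assumption modelled on "G*871"."""
    if keep_prefix < 0 or keep_suffix < 0:
        raise ValueError("keep counts must be non-negative")
    if len(password) <= keep_prefix + keep_suffix:
        # Edge case: the "hint" would contain the entire password.
        raise ValueError("password too short to hide anything behind the hint")
    return password[:keep_prefix] + "*" + password[len(password) - keep_suffix:]


def split_hint(hint: str) -> tuple[str, str]:
    """Return (prefix, suffix) around the single '*' wildcard."""
    if hint.count("*") != 1:
        raise ValueError("hint must contain exactly one '*'")
    prefix, suffix = hint.split("*")
    return prefix, suffix


def matches_hint(hint: str, candidate: str) -> bool:
    """True if `candidate` could be the password behind `hint`.
    Hand-written instead of fnmatch so that '?' or '[' in a password
    are treated literally rather than as glob metacharacters."""
    prefix, suffix = split_hint(hint)
    return (
        len(candidate) >= len(prefix) + len(suffix)
        and candidate.startswith(prefix)
        and candidate.endswith(suffix)
    )


def hidden_search_bits(hint: str, password_length: int, charset_size: int = 95) -> float:
    """Bits of brute-force work left once the hint is known, assuming the
    attacker also knows the full length and the hidden characters are drawn
    uniformly from `charset_size` symbols (95 = printable ASCII; an assumption).
    This is the best case for the hint scheme: a random middle."""
    prefix, suffix = split_hint(hint)
    hidden = password_length - len(prefix) - len(suffix)
    if hidden < 0:
        raise ValueError("hint is longer than the password it describes")
    return hidden * math.log2(charset_size)


def filter_wordlist(hint: str, wordlist: list[str]) -> list[str]:
    """Keep only wordlist entries consistent with the hint. This is what an
    attacker holding the hint would do against a guessed or leaked wordlist,
    and is the worst case for the scheme: the hint becomes a filter."""
    return [w for w in wordlist if matches_hint(hint, w)]


# Constructed wordlist for the demonstration; not from any real breach.
SAMPLE_WORDLIST = [
    "GreenDay!871",   # the actual password
    "GreenBay!871",   # same shape, different middle
    "greenday!871",   # rejected: hint prefix is case-sensitive
    "GreenDay!872",   # rejected: suffix differs
    "Password1",      # rejected: neither prefix nor suffix
    "G871",           # accepted: an empty hidden middle is still consistent
]


if __name__ == "__main__":
    hint = make_hint(FULL_PASSWORD)
    print("stored hint:", hint)
    print(f"random middle: {hidden_search_bits(hint, len(FULL_PASSWORD)):.1f} bits remain")
    print("wordlist survivors:", filter_wordlist(hint, SAMPLE_WORDLIST))
```

Run as a script it prints the hint, the roughly 52.6 bits left for an 8-character random middle, and the three wordlist entries the hint does not rule out. The two numbers bracket the trade-off the post describes: the hint is harmless only to the extent that the hidden part is not guessable from a list.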
