DMZ in a Box Don't Panic !

14 Jan 2012

[Cloud] Why would you want to store your passwords in the cloud?

Are you using a cloud-based password storage service like Lastpass or Firefox Sync?

How much confidence do you have in those?

Do you store your eBanking or Paypal passwords there?

Perhaps you should not.

All cloud-based services claim they are secure, and I really hope they are, but there are some caveats you have to be aware of before using such services.

First things first, ensure the service is "protected" by a master password that CANNOT be recovered but can still be changed. How likely is it that you lose your master password? Yes, very unlikely, I'm sure you wrote it somewhere (that's bad) or know it by heart because you use it everywhere (that's also bad). You'll think I'm paranoid, I'm not, not enough.

Your master password should be unique, strong and never written down, ever. Unique because you might tell someone your Dropbox password to print that document you need, your Amazon password to check if your order has been delivered before going to the post office, and so on. You can't trust others, they will try to use your password to connect to your GMail, your Paypal, your .... anything. And guess what, if they saw you using <pick a cloud password service here>, they might also try it there too. And guess what, they will learn much more about you there than you'd have expected.

Your password should not be recoverable for similar reasons. Let's put up a simple scenario based on real office life. You're at your desk with some browser open, some guy comes up to ask you for something in his office, you leave your desk without locking your computer... You'd never do that? Perfect. Let's continue the story: your email client is open and/or its password is set to "Always remember me on this computer", guess what's next? "Reset password".

Now if you still want to store your passwords in the cloud, I don't mind, it's you, not me. By the way, you should still think about free and open alternatives such as KeePass, a safe and cross-platform alternative to the cloud.

Why use KeePass? It's free, open, encrypted, works with two-factor authentication, and YOU, and only YOU, know who can access it: your USB pen drive, your home folder, not a stranger who keylogged your password randomly.

Still sceptical? LastPass Security Notice - LastPass Vulnerability - CVE-2009-1781 ...
