Web lists-archives.com

Re: Chaniging focus: security ouitside a password manager (was: Re: Password Manager opinions and recommendations)




On Mon 02 Apr 2018 at 09:07:16 -0400, rhkramer@xxxxxxxxx wrote:

> Just continuing to think (or maybe not think ;-) about password managers /  
> password security, changing the focus slightly (I think) but keeping the same 
> thread.
> 
> I'm now thinking about the security (or vulnurability) of passwords during 
> "normal" usage--I mean, I'm thinking about the times when a password, even 
> though stored in a very secure manner (in a password manager or encrypted 
> file(s) of some sort), the password is viewable in plain text, and thus, to a 
> greater or lesser degree, vulnurable.

[...]

Your concern is what can be scraped from the clipboard or from memory.
Does it really matter whether a password is inputted through copy and
paste or from  memory (your memory, that is) or via a password manager?
The keyboard or pointing device is still being used.

Secure storage is irrelevant. It's when you come to use it you expose
the password, whether it be by typing it in or through something which
manages passwords.

The solution is never to log in anywhere. :) Life without risk.

Just choose a password manager and stick with it or continue with what
you already do.

-- 
Brian.