Why should Lulzsec be held accountable and not the ignorant/arrogant developers of the Stratfor/Mtgox/PS3 sites?
Everyone, EVERYONE, should be using something like LastPass, it makes my life MORE convenient than when I used the same password for everything and it's more secure because I have unique passwords everywhere.
As for credit card data, my understanding is that there are legal recourses for sites that store that data insecurely. Sadly, no one has taken my idea of an OAuth-style payments system where stealing a "credit card number" would be entirely meaningless.
For passwords, I typically use a Mandylion (http://mandylionlabs.com/products/token.htm). It has helped out quite a bit, the downside being I have to run a Windows VM for the token software.
All I'm getting is jargon overload from that page. I don't understand what that offers me over regular password generation/storage, besides having to use a VM would pretty much mean no deal unless I'm missing out on some killer feature.
Stores 50 passwords at a max of 14 characters? I have many passwords over 20 characters and have well over 200 passwords stored in LastPass. LastPass also supports two-factor auth via Google Authenticator now as well.
I really feel like I must be missing something. It's a glorified notepad? With the ability to XOR the passwords with another string for additional "protection"?
Seriously, what is going on with this post? Why does everyone feel the need to downvote it? Even the reply from the parent poster is basically "yeah, there's not a lot of modern day use for it".
I swear to God, I get more unexplained, unwarranted downvotes in the last month on HN than I can possibly wrap my head around.
And now my original post too? What the fuck? Are there really this many people here who have no taste for discourse or downvote posts that they simply don't like (maybe because it implies they ought to be accountable for their own actions?) Does anyone care to explain why irresponsible sites shouldn't be held accountable, why it's excusable to use the same password everywhere or why a friendly suggestion of LastPass is so out of line here?
Sorry, had to step out for some New Year's celebrations.
Long story short, I've had the Mandylion for several years, before LastPass came to be. It was the only solution at the time that offered automatic generation of passwords, automatically re-generating them after a configurable amount of time, and something I could take around with me between various machines at my university / work. Now, I could use LastPass but I already have the Mandylion worked into my daily habits.
Anything that's a passphrase is something like a sentence out of a book or song, so I just remember the passwords for them. YMMV.