
All the security measures usually presented (including here) are completely unrealistic - no one can use different, complex passwords on every site we log into, and then change them every month!

The only way to do this would be to use a password manager in a SaaS mode... and if it gets cracked then you're completely doomed and lose all access to all services.

People probably assume that the time saved by not caring about security is greater than the time they will lose if (when) they're attacked, and they may be right.




I do exactly that, using KeePassX. Single use, complex passwords that I change every two months, stored in a shared encrypted database.

What exactly is hard about it?


KeePassX seems to be a local application: how do you use it on mobile, or when you're not at home?

Also: if the database gets corrupted, you lose access to all services; if you have backups then it's a little less safe; if the main password for the database is strong you may forget it (or need to write it down somewhere outside the system); if it's not strong it's not safe.


There are mobile clients for KeePass databases. So you just need to keep a copy of your database on your phone. That's extremely easy to do with syncing data apps like SpiderOak.


Soooo you're still using a cloud service to sync your passwords, right?


I cannot say for Android, but if you keep the kdbx file on Dropbox, you can access it with the iKeepass iOS app.


Android clients exist for both KeePass v1 and KeePass v2 :)


Why shouldn't the average user write down his/her master database password and store it in the kitchen drawer?


Does KeePassX manage the password changing or is that something you schedule and do manually?


You still have to do it manually I think. Having a standardized API to change passwords (a "Rotate all my passwords" button) would be nice, but potentially a huge step forward in automating password attacks.


Thanks. I confirmed a Debian package. If I can sync devices I think I'm golden.



