Comments on: NCSAM TIP #14: Password Management http://blogs.cisco.com/security/ncsam-tip14-password-management/ Wed, 19 Jun 2013 16:52:29 +0000 hourly 1 By: Nitin Jain http://blogs.cisco.com/security/ncsam-tip14-password-management/#comment-348662 Nitin Jain Mon, 24 Oct 2011 22:22:34 +0000 http://blogs.cisco.com/?p=47628#comment-348662 I am using last pass since a year and it is very good
For password management and keeping password stored in
Exel sheet along with automatic password filling option.. Which is quite good

   0 likes

]]> By: Andy Balinsky http://blogs.cisco.com/security/ncsam-tip14-password-management/#comment-334906 Andy Balinsky Fri, 21 Oct 2011 18:59:30 +0000 http://blogs.cisco.com/?p=47628#comment-334906 Those virtual keyboards are certainly a good defense against keystroke loggers. For completely compromised machines, other things can be recorded, too, such as mouse clicks, screen captures, etc. So they are a step up, but never a 100% safety guarantee.
Cloud-based storage is purely a personal choice between convenience and security. There is always additional risk, no matter how mitigated, to trusting your passwords to a cloud service. These risks can be reduced if the cloud provider doesn’t have the encryption key, and has strong security practices and technical controls. Of course, your local password store could also be lost in the event of theft or computer compromise. In either case, it then comes down to the strength of your master secrets, and the willingness of the adversary to apply computing resources against them. On a humorous note, this comic points out that the secrets themselves aren’t always the weakest link: http://xkcd.com/538

   0 likes

]]> By: Usman http://blogs.cisco.com/security/ncsam-tip14-password-management/#comment-330883 Usman Fri, 21 Oct 2011 04:29:04 +0000 http://blogs.cisco.com/?p=47628#comment-330883 Well i am confronted with the same threat of password theft. I have been using different passwords for different accounts but for this reason I have to remember multiple passwords. Well personally i think the software programs that allow entry of the password on a virtual keyboard through mouse clicks are more reliable for protection against keystroke loggers but i think its not a wise idea to store passwords in a cloud based storage service.

   0 likes

]]> By: Andreas http://blogs.cisco.com/security/ncsam-tip14-password-management/#comment-329036 Andreas Thu, 20 Oct 2011 21:09:22 +0000 http://blogs.cisco.com/?p=47628#comment-329036 well, i recommend http://keepass.sf.net
client based, open source and strong encryptions, with mono (2.x) or wine (1.x) even running on linux. i use it since ~4-5 years.

   0 likes

]]> By: Andy Balinsky http://blogs.cisco.com/security/ncsam-tip14-password-management/#comment-328612 Andy Balinsky Thu, 20 Oct 2011 19:14:45 +0000 http://blogs.cisco.com/?p=47628#comment-328612 Thanks for the endorsement. There are a number of password managers out there. I avoided promoting any particular one publicly, but the one I use works great on MacOS, iOS, Windows, and all synchronized automatically, so rarely have to type a password.

   0 likes

]]> By: Colin Westwater http://blogs.cisco.com/security/ncsam-tip14-password-management/#comment-328302 Colin Westwater Thu, 20 Oct 2011 17:39:57 +0000 http://blogs.cisco.com/?p=47628#comment-328302 LastPass is excellent. Paired with Chrome and Dolphin Browser HD on my HTC Desire it has simplified my password management and made my logins more secure

   0 likes

]]>