Ankh Morpork's Finest Coder
Tuesday, January 25, 2005

Pluralsight Password Minder - WHY?
What were they thinking? What the hell were they thinking? A password minder that generates and uses passwords that are "Secure". Give your credit card number to a spammer RIGHT NOW! Password managers, while more secure than either recycling your passwords or using simple numeric or only alphabetical characters, are still NOT secure. On a security scale from 1 to 10, I give it a 3 and I'm being generous. My reasons for such a score? Well, let me first say that I'm sure the code is all correct and that the program might be easy to use, yadda yadda. BUT. It's a great security risk. If a trojan or some sort of logger is running, then a malicious person can get the password to your password manager and find a way to get the passwords out of it. BAD BAD BAD!

AOL now has a new card that hashes a number key that the login server of AOL knows about, and because of this changing hash, it is a lot more secure than its counterparts. Again, not the best, but definitely an 8.
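
To make the difference concrete, here is an added example (not from the original post, and not AOL's code) comparing a logged static password with a logged changing code. The post does not say which algorithm AOL's card uses, so this sketch assumes the public RFC 6238 time-based scheme as a stand-in; the `LoginServer` class, the 30-second step and the sample secret and password are all constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code stays valid (assumed value)

def one_time_code(secret: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC the current time-step counter, then truncate."""
    counter = struct.pack(">Q", now // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class LoginServer:
    """Hypothetical login server that shares the card's secret."""

    def __init__(self, secret: bytes, password: str):
        self.secret = secret
        self.password = password
        self.last_step = -1  # highest time step already accepted

    def check_password(self, attempt: str) -> bool:
        return hmac.compare_digest(attempt.encode(), self.password.encode())

    def check_code(self, attempt: str, now: int) -> bool:
        step = now // STEP
        if step <= self.last_step:  # a code for this step was already used
            return False
        expected = one_time_code(self.secret, now)
        if not hmac.compare_digest(attempt.encode(), expected.encode()):
            return False
        self.last_step = step
        return True

def demo() -> dict:
    secret = b"12345678901234567890"  # constructed sample (RFC 6238 test key)
    server = LoginServer(secret, "hunter2-constructed")
    logged_password = "hunter2-constructed"   # what a logger would record
    logged_code = one_time_code(secret, 59)   # code the user typed at t=59
    return {
        "user_login": server.check_code(logged_code, 59),
        "code_replayed_same_window": server.check_code(logged_code, 59),
        "code_replayed_later": server.check_code(logged_code, 59 + STEP),
        "password_replayed_later": server.check_password(logged_password),
    }

if __name__ == "__main__":
    print(demo())
```

The logged code is rejected both inside its own window (already used) and after it (the hash has changed), while the logged static password keeps working until someone changes it.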

So if you are using some password manager, don't just get rid of it because I said it's a security threat. It's probably better than not using anything. However, if something like what AOL is providing comes along, then definitely opt for that if you have the choice.

