Originally Posted by Apple ][
Me. I just haven't gotten around to it yet I guess.
The passwords that I choose are extremely secure though. They're long, they use all sorts of strange characters, numbers and capital/small letters when possible, and they're not going to be guessed by any dictionary. I just keep track of them manually. It doesn't really bother me doing it that way, because I'm used to it and have been doing that for years, but I guess that I might eventually get a password manager one day.
I actually went and changed many of them last week, after I read about some huge security breach affecting certain sites.
Interesting. Do you have unique passwords for everything? If so, how do you manage all of them? I have 294 items in 1Password. 260 of them are internet logins. Each of these has a unique password. After Apple's Go To Fail bug was resolved I changed all of them. With this recent OpenSSL bug I changed all the ones of sites I knew were affected and resolved. I have 8 Google accounts, 3 iCloud accounts, 2 Dropbox accounts, and about 10 accounts for various financial institutions.
Except for the financial institutions — which are oddly stingy about password length and special characters — Google, iCloud and Dropbox all use 50-character alphanumerics with special characters that I could never remember. On top of that my select questions all have answers that are random strings thereby preventing social hacking techniques. I was able to systematically change them over time and keep track of which ones I changed with their Smart Folder feature so I could 1) see which had a date modified older than a particular date and 2) which ones had a note field that wasn't blank (which is where I store that info). Took some time but a couple a day only takes a moment and soon enough potential threats are isolated to a particular site.
I can't imagine that being done well without a password manager which, among its well-known features, also has a security audit feature which 1) tells me which passwords are weak (not an issue for me), 2) informs me which passwords are duplicate (also no longer an issue for me), and 3) which passwords haven't been changed in a while (6-12 months, 1-3 years, 3+ years).
Originally Posted by dysamoria
Me. Look at how freaking flawed software is, and how vulnerable it is. What's the point? Do I want one central point of failure to lose all my passwords or get them all stolen? They've already admitted to a security breach in the past, and look how secure our entire Internet is, with years-long vulnerabilities and unknown exploitation.
1) Sure, nothing is foolproof but I fear more about having some website's servers hacked with my username and password from that site being tested on others than I do about someone stealing my MBP, getting past VileFault2 on said MBP, and then being able to get into my 1Password database that is protected by 256-AES encryption.
2) What security breach has directly affected 1Password?
Edited by SolipsismX - 4/16/14 at 12:57pm