LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Use two-factor

Use two-factor

Posted Nov 11, 2011 13:01 UTC (Fri) by Cato (subscriber, #7643)
In reply to: A Periodic Table of password managers by drag
Parent article: A Periodic Table of password managers

The main defence against simple keyloggers is a second factor - if the authentication process calls your phone (like Google Authenticator or Duo Security), you will know some hacker has got your passwords and is trying them out. Since most keyloggers are installed en masse, this is quite a useful defence.

LastPass is a good password manager (free as in beer for desktop OSs, paid-for on mobiles) which now includes Google Authenticator support and has some other two-factor options (grids, biometrics, and Yubikey). See http://lastpass.com/

Although LastPass has the weakness of a cloud-based point of attack, the two-factor options make it more secure against keyloggers than the password managers listed here. It's still vulnerable to a targetted attack against the LastPass client plugin, but that's true of almost any authentication technique.

(Log in to post comments)

Use two-factor

Posted Nov 12, 2011 0:21 UTC (Sat) by drag (subscriber, #31333) [Link]

Yes. Against simple loggers then 2 factor auth is a good thing.

The main danger then changes from password stealing to session hijacking.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds