LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

8 million leaked passwords connected to LinkedIn, dating website (ars technica)

8 million leaked passwords connected to LinkedIn, dating website (ars technica)

Posted Jun 6, 2012 20:21 UTC (Wed) by hitmark (guest, #34609)
In reply to: 8 million leaked passwords connected to LinkedIn, dating website (ars technica) by liw
Parent article: 8 million leaked passwords connected to LinkedIn, dating website (ars technica)

That relies on being able to keep the data files storing all those passwords safe. And not just from outside threats but also hardware and software failure.

(Log in to post comments)

8 million leaked passwords connected to LinkedIn, dating website (ars technica)

Posted Jun 6, 2012 20:24 UTC (Wed) by ms (subscriber, #41272) [Link]

Then use something like oplop.

8 million leaked passwords connected to LinkedIn, dating website (ars technica)

Posted Jun 6, 2012 20:47 UTC (Wed) by drag (subscriber, #31333) [Link]

> That relies on being able to keep the data files storing all those passwords safe. And not just from outside threats but also hardware and software failure.

If a attacker has access to your user account then they have access to your passwords. It doesn't matter if you type them in, use encrypted store on a keyring, a spreadsheet on a truecrypt encrypted USB drive, ssh private public keys, have your browser store them, or use a plain text file at ~/.secret. If you use it and can access it from your user account then the attacker can access it too.

Really, though, using a password management mechanism of some sort is extremely advantageous. Once you stop needing to memorize your passwords it's very easy to use unique, long, and very random ones.

8 million leaked passwords connected to LinkedIn, dating website (ars technica)

Posted Jun 7, 2012 0:06 UTC (Thu) by flammon (guest, #807) [Link]

I use Revelation for that and have a few backups of the file on different systems.

8 million leaked passwords connected to LinkedIn, dating website (ars technica)

Posted Jun 7, 2012 14:45 UTC (Thu) by proski (subscriber, #104) [Link]

I use Revelation too and I'm looking for an alternative. The problem with Revelation is that it keeps all data in one binary file. There is no automatic way to merge changes made on different systems.

8 million leaked passwords connected to LinkedIn, dating website (ars technica)

Posted Jun 7, 2012 14:44 UTC (Thu) by NAR (subscriber, #1313) [Link]

I've downloaded Bruce Schneier's password manager, used a new safe password, added some passwords to the tool - and the next week when I tried to access it, I forgot the master password :-( The problem of rarely used password.

By the way, currently I need two passwords (disk encryption, login) on my windows laptop to get to a point where I can start the password manager. Life sucks.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds