Hacker News new | ask | show | jobs
by Pyppe 3653 days ago
Related to password security: any of you guys using Chrome's ability to sync passwords to "Google cloud"?

I just started using it a few weeks ago. Supposedly it uses a password to encrypt the data, but I still don't feel too confident syncing them there. On the other hand.. damn it's so convenient between multiple devices.
2 comments
zamalek 3653 days ago
There was recently a TeamViewer breach. Hackers somehow managed to access people's machines. Everything was denied and it wasn't investigated. Regardless, passwords were retrieved from Chrome. Some people lost a great deal of money.

Your browser is not a competent password manager and you should stop using it for that immediately.

Dashlane and LastPass make their money by keeping your passwords safe. This is far more preferable than a free browser feature. Both can sync across devices (if you pay). Sounds like you will like Dashlane for the same reasons that I do.

link
praxulus 3653 days ago
How would LastPass protect you against another TeamViewer breach?
link
lucaspiller 3653 days ago
I assume it's the same with LastPass, but I use 1Password and that requires you to enter a master password to unlock the passwords, where as Chrome requires no extra authentication.
link
emodendroket 3653 days ago
What do you mean? The whole thing can be encrypted with a master password, and LastPass offers an option to simply remember your master password with the browser extensions/desktop apps that I assume many people use.
link
pionar 3653 days ago
> LastPass offers an option to simply remember your master password

It does, but it gives you a VERY strongly-worded warning when you enable that.

I like LastPass for a few reasons -

* It lets me share my personal account with my work account so I can keep them separate (so when I log in on my work PC, I still have my personal passwords, but I log in to my personal account on my devices so I don't have to worry about someone getting access to work passwords on there).

* 2FA

* If I try to set a master password that's the same as one of my passwords I'm storing in there, it warns me.

* Cross-platform

link
elithrar 3653 days ago
1Password, at least, does not offer a 'remember master password' feature. I also configure it to auto-lock and auto-clear the clipboard on aggressive timeouts (I suspect other password managers allow for this too)
link
infinite8s 3652 days ago
How would that help with the aforementioned TeamViewer breach? Unless your timeout is 1 min or less, the attacker can just watch and wait until you've logged in somewhere with LastPass and then quickly act.
link
zamalek 3653 days ago
The master password.
link
geostyx 3653 days ago
I use and love 1Password. Chrome is a terrible place to keep passwords due to what @zamalek said.
link