Hacker News new | ask | show | jobs
by phase_9 5059 days ago
I don't understand why people are trying to come up with such complex solutions to Password and Security Question retrieval when portable and open source solutions, like Keepass[1][2] exist.

Just store your "random" Security Question answers alongside the login credentials - they'll be encrypted safely.

--

[1] http://www.keepass.info/

[2] http://www.keepassx.org/
2 comments
icebraining 5059 days ago
The advantage of these systems is that you recreate them using nothing but basic, generally available tools and your memory.

Keepass, on the other hand, is useless unless you have the database file with you.

link
phase_9 5059 days ago
So store it in Dropbox and have a copy on a USB Key you carry with you (along with a portable version[1] of Keepass)

Also, on the same subject, it's the "all you need is your memory" bit that makes me smile. If you could rely on your memory then why would you need to have these hashing functions in the first place? (:

[1] http://portableapps.com/apps/utilities/keepass_portable/

link
icebraining 5059 days ago
So store it in Dropbox and have a copy on a USB Key you carry with you (along with a portable version[1] of Keepass)

If I'm at a cybercafe somewhere, there's a high degree of probability that it won't let me just run some untrusted binary from my USB stick or the web.

Also, carrying an USB stick still defeats the point of being able to recreate them with nothing. I've lost more than one USB stick in my life.

Also, on the same subject, it's the "all you need is your memory" bit that makes me smile. If you could rely on your memory then why would you need to have these hashing functions in the first place? (:

If you can't rely on your memory, how will you know the master password to open the Keepass container?

Simply put, it's hard to remember a password for each and every site, but it's easy enough to remember a single algorithm (plus a master password) for all of them.

link
fr0sty 5059 days ago
> If I'm at a cybercafe somewhere, there's a high degree of probability that it won't let me just run some untrusted binary from my USB stick or the web.

1. You shouldn't be typing in high value passwords at <random cyber-cafe>.

2. You can get KeyPassDroid for your smartphone.

3. writing your master-password down somewhere may be useful to your next of kin.

link
icebraining 5059 days ago
1. I don't use this system for high value passwords - I have only four or five of those and I can memorize them (and keep a written down copy in a safe place).

2. I don't have a smartphone

3. Not really, due to (1).

link
rmc 5059 days ago
Because the main problem isn't remembering them, but preventing other people from guessing them.
link