Tuesday, May 25, 2010

Notes: Look for password manager

Phishing attacks are worrisome and increasingly sophisticated. I shouldn't have to check the URL bar myself -- a password manager in my browser should do that (and I should trust it enough to be suspicious if it doesn't autofill for a site I know). This will also allow me to strengthen my password-generation methods relatively painlessly.

Issues:
1. Losing the encrypted password file is catastrophic. Must be aggressively (but safely) backed up.
2. Access on other machines. Should I even be logging in on other machines, anyway? Do I really need this?

I must isolate myself from OS changes, and ideally against browser changes as well. Something with a plugin for FF and Chrome (for Linux/OSX/Windows) would be satisfactory.

Should there be a web frontend so I can retrieve my stuff? Must be javascript so my unencrypted shit never touches the server unencrypted. (Is the browser, of all places, REALLY where I want to be unencrypting this, anyway?) I would need to trust the vendor.

Hmm.

No comments:

Post a Comment