The problem with password managers such as KeePassXC is that the file that stores our secrets can be stolen and brute forced (even if being successful in this task is highly difficult and time consuming) when stored on-line. Better having those secrets in a machine never connected to the Internet and reasonably secure. As an additional security feature, KeePassXC allows setting up time-based one-time passwords (TOTPs) that can be read on-screen from the air-gapped computer and typed when access to an on-line service is required. This may be an unavoidable step, in addition to using a cold wallet, if buying/selling cryptoactives on an exchange.

There is something to say for being more careful with the seed to your bitcoin/Ethereum wallet containing millions of dollars of value than with some random utility password. However, the suggestion to use a “locally” stored password safe is not for everyone. Getting such a password safe to synchronize over the internet is non-trivial, and being locked out of an important site after you just set a 36 character random password from home/workplace just because you are currently working from workplace/home can truly ruin your day. So I still stick to an online password safe. But if you read the example from Brian Krebs’ article of a LastPass user with more than $3M in cryptocoins, I have to shudder:

“Connor said he began using LastPass roughly a decade ago, and that he also stored the seed phrase for his primary cryptocurrency wallet inside of LastPass. Connor chose to protect his LastPass password vault with an eight character master password that included numbers and symbols (~50 bits of entropy).”

An 8 character password for $3M+ in value? Please, memorize a nice 30+ character phrase that is not on the internet and that you never searched for. All search phrases are archived and for sale. The fault with LastPass is not so much in their product, but in not getting people to choose better passphrases. Which, BTW, is Brian Krebs’ main criticism of LastPass, quoting Wladimir Palant:

“In fact, it’s painfully obvious that LastPass never bothered updating users’ security settings. Not when they changed the default from 1 to 500 iterations. Not when they changed it from 500 to 5,000. Only my persistence made them consider it for their latest change. And they still failed implementing it consistently.”
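As an added example (not code from the original post or from any quoted article), the cost model behind the iteration-count and passphrase argument above: the KDF iteration count multiplies what each guess costs the attacker, while master-password entropy sets how many guesses are needed. The 10 GH/s attacker rate and the two passphrase entropy models are assumptions; the 1/500/5,000 iteration counts and the ~50-bit figure are the numbers quoted above.

```python
"""Brute-force cost model for a stolen, offline vault file.
Added example, not code from the original post.  The attacker's raw
HMAC rate and the passphrase entropy models are constructed assumptions;
the 1/500/5,000 iteration counts and the ~50-bit figure are the ones
quoted in the post."""
import hashlib
import math
import os
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def entropy_bits(charset_size: int, length: int) -> float:
    """Entropy of a uniformly random string over a charset of this size."""
    return length * math.log2(charset_size)


def expected_guesses(bits: float) -> float:
    """Average guesses to hit a uniformly chosen secret: half the keyspace."""
    return 2.0 ** bits / 2


def years_to_crack(bits: float, iterations: int, hmac_per_sec: float) -> float:
    """Expected cracking time when every candidate master password costs
    `iterations` HMAC evaluations (PBKDF2) and the attacker computes
    hmac_per_sec of them.  Iterations scale cost linearly, entropy exponentially."""
    guesses_per_sec = hmac_per_sec / iterations
    return expected_guesses(bits) / guesses_per_sec / SECONDS_PER_YEAR


def derive_vault_key(password: bytes, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256 standing in for the vault KDF: the owner pays this
    once per unlock, the attacker once per guess."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)


if __name__ == "__main__":
    salt = os.urandom(16)
    for it in (1, 500, 5000):
        t0 = time.perf_counter()
        derive_vault_key(b"constructed master password", salt, it)
        print(f"{it:>5} iterations: {time.perf_counter() - t0:.6f} s per unlock")
    RATE = 1e10  # assumption: 10 GH/s of HMAC-SHA256 on a GPU cracking rig
    cases = {
        "8 chars incl. digits/symbols (~50 bits, per the article)": 50.0,
        "6 random words from a 7776-word list (assumption)": 6 * math.log2(7776),
        "30 random lowercase letters (assumption)": entropy_bits(26, 30),
    }
    for label, bits in cases.items():
        for it in (1, 500, 5000):
            yrs = years_to_crack(bits, it, RATE)
            print(f"{label}: {bits:.1f} bits, {it} iterations -> {yrs:.3g} years")
```

Going from 1 to 5,000 iterations buys a factor of 5,000 in attacker cost; every 10 extra bits of passphrase entropy buys a factor of 1,024, which is why the passphrase matters more than any iteration-count change the vendor ships.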