07-22-08 - 7

I use KeePass for my passwords. It's kind of retarded. It has all this illusion of client-side security, like somehow it's protecting you from keyloggers. Of course that's nonsense. To get your password from KeePass into Firefox or whatever, it either has to send keypress messages or use the clipboard, both of which are trivial to hook and both of which any keylogger would be grabbing.

But it's still valuable. I'm not really too worried about client-side security; I keep my machine on lockdown. I use ProcessGuard, for example, so that no app I don't tell to run can ever run. I am, however, worried about the security of the places that have my password. Even retards like Visa that you would think should be really secure are incredibly incompetent about computer security and are constantly losing everyone's account info to the Russians.

To slightly protect myself from host-side security breaches, I use a different password on every site. I used to just keep track of that by hand, but that's a pain in the butt (and most of my random passwords were turning into asdlkfgj - only slightly semirandom, you can see the left to right hand swipe). So what KeePass is actually good for is generating random passwords and remembering all the damn passwords for all the damn sites for you.

One thing it doesn't have is automatic entry generation when you register for the first time with a site. That would be pretty easy to code and make it much nicer to use.
