Microsoft's new Edge browser has a password manager, here's how it works

[comfortablynumb15]

store the passwords in the browser is always a bad decision. there are so many risks ...
on the other hand it is always much more comfortable because not have to always remember the passwords for a lot of services.

My password manager is a small notebook where I point out everything from my writing until my passwords.
I think it is impenetrable, because I hide in a secret place

It's under your bed, isn't it? Just admit it

 

[Piteko21]

Nooo, it's in a secret place, It is so secret that even I do not know where it is already... Oh, I know where it is my notebook
is so rare use the notebook that sometimes even I forget where it is stored


PS. under my bed I keep a dead body ... that dead body is my neighbor

 

[BoraMurdar]

"Here, take them"

Please watch what you are typing on Security forums, someone may take it serously

 

[comfortablynumb15]

Um *confused look* Ok?

 

[BoraMurdar]

Um *confused look* Ok?

Just argument your words and nothing will be confusing. One is saying the facts, respect each other opinions, discuss, but total opposite when you say foolproof, and

storing these things in the browser is about as close to saying "Here, take them"

 

[comfortablynumb15]

Aren't we nitpicking a bit here? Okay, just so people can understand my point and how I mean it, I'll reiterate: No security measure is foolproof and 100% trustworthy. That's just a fact that cannot be ignored. Storing passwords somewhere else besides in your own hands is removing the ability to control what happens with those passwords. That too is fact. The browser is in direct contact with the "evils" of the Internet, from malware to bugs to whatever. So, I question the safety and logic of storing passwords within such an exposed environment. My opinion is that doing so is almost welcoming a problem to occur, hence why I said it was like saying "Here, take them".

Is that better?

 

[BoraMurdar]

Is that better?

Dunno... is it?
I just don't want for people to think that those services are insecure and unprotected, its "probably" more protected than your system at home. The thing what is questionable is : "what is more delicious to attack?" and "what will crush faster when we attack".

and of course

No security measure is foolproof and 100% trustworthy

, but that can also be applied to home systems.
I just think that something where millions are spend yearly for security and protection, is more secure

 

[comfortablynumb15]

Dunno... is it?
I just don't want for people to think that those services are insecure and unprotected, its "probably" more protected than your system at home. The thing what is questionable is : "what is more delicious to attack?" and "what will crush faster when we attack".

and of course , but that can also be applied to home systems.
I just think that something where millions are spend yearly for security and protection, is more secure

But, Bora, lol, those services are insecure. Why do you think these big stories are getting more frequent? They would be secure if the lazy butts behind them actually put more money into security and upkeep than advertising and data siphoning. A 10 million dollar security system isn't worth 10 dollars if you make the password to it "Fidowuvsme!99" and don't keep it patched up. And, it's these systems that are more "delicious" to attack, which is why it is risky to store such data with them. Of course my argument about being foolproof can apply to home systems. But that's just it, it's in your home. Don't put blind faith in money, it isn't spent for you.

 

[comfortablynumb15]

Just in 2014:
Corporate Hacks:
Sony
JP Morgan
EBay
AOL
Home Depot

Major Vulnerabilities That Resulted in Damage or Possible Damage:

HeartBleed
ShellShock
CurrentC
The iCloud/Fappening debacle.

I'm pretty sure millions of dollars were spent on security in these cases. And now in 2015 we've had a major U.S Government employee database attack, Anthem, and it just keeps counting. Money isn't going to change things, better security practices and focusing less on profit might. I'm not trying to argue with you, I'm just trying to show that the more control you have over your data, the less risk you face.

 

[BoraMurdar]

But, Bora, lol, those services are insecure. Why do you think these big stories are getting more frequent? They would be secure if the lazy butts behind them actually put more money into security and upkeep than advertising and data siphoning. A 10 million dollar security system isn't worth 10 dollars if you make the password to it "Fidowuvsme!99" and don't keep it patched up. And, it's these systems that are more "delicious" to attack, which is why it is risky to store such data with them. Of course my argument about being foolproof can apply to home systems. But that's just it, it's in your home. Don't put blind faith in money, it isn't spent for you.

And you know they don't patch up their services? We used to have some blackhats here on forums but inactive for some time so I would ask them is it easier to hack into my computer running Windows with ESET Smart Security 8 and decrypt Keepass vault or find me on LastPass servers, breach-hack-decrypt

 

[comfortablynumb15]

I've seen some godawful practices in my time. I touched on this before in an unrelated thread, but I've seen hospitals and government agencies whose security would make you laugh..after you got done sweating. It's not the security at fault, it's the idiots who either aren't getting paid enough to bother, are overworked, or just plain damned lazy. LastPass wasn't so hard, was it? My biggest concern with them is that this is not their first time on this merry-go-round. They don't seem to learn. And those blackhats would tell you they don't care if your system is easier. They'd tell you they'll be better off hacking your Facebook, your LastPass, your health and work records, etc. Everywhere you couldn't stop them, because your security you use doesn't mean squat if it isn't used and kept up to par on the service you signed up with.

 

[BoraMurdar]

But almost nothing happened in lastpass, just unusual network activity. Even if someone was able to steal my mails and password hints, what they can do without my master password? and without crashing the whole system to be able to bypass it, and probability to decrypt stolen data... I know what you're saying, and you're probably right about some employees but I don't think that human factor plays so big role in this.

 

[comfortablynumb15]

But see, humans are the weakest link in the chain Have you ever run across "that guy", the guy that will disable something because he is getting too many pop-ups or something he wants to do is being blocked at work? Have you run across the guy who is on his 20th cup of coffee during a late night company-wide updating operation? What about the person opening up emails at work or even at home and clicking on the "important document" embedded in it? What about the guy/guys who are just plain effing exhausted, leaving work at 11pm and forgetting to take care of something because "it can wait till morning"? Or the guys setting up a website that cut corners or just weren't all that concerned with or good at keeping their code from misbehaving?

Security doesn't secure itself..and when it does..run like hell

 

[BoraMurdar]

Security doesn't secure itself..and when it does..run like hell

lol

But see, humans are the weakest link in the chain Have you ever run across "that guy", the guy that will disable something because he is getting too many pop-ups or something he wants to do is being blocked at work? Have you run across the guy who is on his 20th cup of coffee during a late night company-wide updating operation? What about the person opening up emails at work or even at home and clicking on the "important document" embedded in it? What about the guy/guys who are just plain effing exhausted, leaving work at 11pm and forgetting to take care of something because "it can wait till morning"? Or the guys setting up a website that cut corners or just weren't all that concerned with or good at keeping their code from misbehaving?

I think that people can screw up something concerning maintenance, but smart specimens already thought "what if"... So architects make something that isn't going to rely on human's competence but on unbreakability... until someone bypasses it and then back to a drawing table

 

[Deleted member 178]

all this is worthless discussion !

be simple , be smart

"Umbra? because i worth it"

 

[samit]

Better way to secure your account:

1. Use strong passwords
2. Enable two factor authentication
3. Disconnect from internet

 

[BoraMurdar]

all this is worthless discussion !

be simple , be smart

"Umbra? because i worth it"

What r u suggesting oh mighty Umbra?

 

[comfortablynumb15]

Yeah, I didn't think discussing opinions on what is a secure way to do things and what isn't, on a security forum, was "worthless". What is more "more simple and smart"? There's only so much you can do to keep things simple, you still need a good password and a way to remember it.

 

[Deleted member 178]

my own password generator , located in my mind :

1- choose a paraphrase you can remember easily, example : umbra is god
2- use hacker style writing, the paraphrase becomes : umbr4 15 90d
3- remember it

now how to do variants for several sites with it :

4- add special characters or a letter giving clues , example for gmail : umbr4 15 90d 9m41l

thanks

(i know im awesome)

 

[jamescv7]

Just a little tidbit how browser including IE can range the weakness of handling save logins.

The biggest problem with saving your passwords in your browser is that it's not hard for someone who gains access to your computer to also access all your passwords. In Chrome, for example, you (or anyone who hacks into your computer) can just go to the browser's settings and click on the show button in the preferences tab to reveal any saved password. Internet Explorer is more secure because it doesn't let you view saved passwords, and it also doesn't sync your data across computers. Both IE and Chrome, however, use your computer login password as the cipher for the encrypted data.

How browser secure in handling password? Then click here