Hours ago, Evernote announced that passwords and user info were stolen at some point in the last few weeks; Evernote said that passwords were stored as seeded / salted hashes (you'd need time and computing power to break through); Evernote reset everyone's password. World is safe again.
Of course, if you stored your passwords in a file on Evernote, all of your passwords may have been compromised, and now you'll have to go through and change each and every one of them -- makes for a good argument to use LastPass, don't you think?
But is LastPass more secure? That all depends. You have to have two-step verification turned on, and you have to use it. For instance, to sign in on a new device, you'll need to verify who you are, via a text password sent to your smart phone.
You want triple-step protection? Store passwords in a file that requires a password to open, then store it in the cloud service that requires two-step verification.
Call me paranoid, but that's what I do, and it's actually quite convenient to do so. By the time someone has broken through three layers of protection, and assuming you've used very-long passwords, it'll be easy to update and change all your passwords.
(Of course, if someone sneaks a keylogger into your computer, you're royally screwed.)
No comments:
Post a Comment