Comments on: SuperGenPass – The Only Safe Password Manager http://mikeboylan.com/2008/09/supergenpass-the-only-safe-password-manager/ A collection of thoughts and ideas by yours truly... Thu, 08 Jul 2010 09:26:36 +0000 hourly 1 http://wordpress.org/?v=3.0 By: Ximo http://mikeboylan.com/2008/09/supergenpass-the-only-safe-password-manager/comment-page-1/#comment-87 Ximo Thu, 08 Oct 2009 20:05:27 +0000 http://mikeboylan.com/?p=100#comment-87 SuperGenPass has a serious security flaw when used as a bookmarklet. http://akibjorklund.com/files/2009/10/supergenpass-vulnerability-demo.html SuperGenPass has a serious security flaw when used as a bookmarklet.
http://akibjorklund.com/files/2009/10/supergenpass-vulnerability-demo.html

]]> By: Darrin Holst http://mikeboylan.com/2008/09/supergenpass-the-only-safe-password-manager/comment-page-1/#comment-27 Darrin Holst Thu, 11 Sep 2008 14:01:13 +0000 http://mikeboylan.com/?p=100#comment-27 First, I use and love both SuperGenPass and 1Password. I however would not use one or the other exclusively. SuperGenPass is great for those sites that won't ruin your life if your password is compromised. Since (I imagine) the majority of people use SuperGenPass with 1 master password then your layer of defense is greatly diminished. In other words, someone just has to find out your master password and, as you put it, you'd be up shit creek. So all my "important" sites, i.e. credit cards, banks, etc., are protected with super nasty, super long passwords generated and stored with 1Password where I don't really care if I can't get to them from everywhere. Then all the "non-important sites", i.e. twitter, facebook, etc., are protected with SuperGenPass passwords where I do want to get to them wherever I'm connected to the cloud. The issue with data corruption is basically FUD. You should be regularly backing up and archiving important "stuff", which includes Keychains and actually 1Password does this for you. So *if* someday I wake up and my data is corrupted I just roll back to the day before. Also, what's the worse thing that will happen? You'll be forced to go reset and change your password at every site you frequent which, granted is a hassle, but not a bad thing to do once in a while. Darrin First, I use and love both SuperGenPass and 1Password. I however would not use one or the other exclusively. SuperGenPass is great for those sites that won’t ruin your life if your password is compromised. Since (I imagine) the majority of people use SuperGenPass with 1 master password then your layer of defense is greatly diminished. In other words, someone just has to find out your master password and, as you put it, you’d be up shit creek.

So all my “important” sites, i.e. credit cards, banks, etc., are protected with super nasty, super long passwords generated and stored with 1Password where I don’t really care if I can’t get to them from everywhere. Then all the “non-important sites”, i.e. twitter, facebook, etc., are protected with SuperGenPass passwords where I do want to get to them wherever I’m connected to the cloud.

The issue with data corruption is basically FUD. You should be regularly backing up and archiving important “stuff”, which includes Keychains and actually 1Password does this for you. So *if* someday I wake up and my data is corrupted I just roll back to the day before. Also, what’s the worse thing that will happen? You’ll be forced to go reset and change your password at every site you frequent which, granted is a hassle, but not a bad thing to do once in a while.

Darrin

]]> By: Kevin Fox http://mikeboylan.com/2008/09/supergenpass-the-only-safe-password-manager/comment-page-1/#comment-26 Kevin Fox Wed, 03 Sep 2008 18:21:21 +0000 http://mikeboylan.com/?p=100#comment-26 Nice article, I work for Vidoop so I am biased but I really like the password management solution we have at http://myVidoop.com It is a free browser plugin ( http://twurl.cc/2rj ) and it will store all your online passwords. You can store your passwords locally or online with myVidoop. If you store your passwords on myVidoop then they are accessible from anywhere and you dont have to worry about maintaining a local database/file. I keep a copy of FireFox portable on a thumb drive, along with the plugin installed and have a completely portable solution that I can plug in anywhere. Once I am done I just unplug the drive and move on. If anyone found the drive they would still need to authenticate with the ImageShield on http://myVidoop.com and I could easily deactivate the portable browser… I would be interested to hear how you think myVidoop compares to SuperGenPass? Thanks, Kevin Nice article, I work for Vidoop so I am biased but I really like the password management solution we have at http://myVidoop.com

It is a free browser plugin ( http://twurl.cc/2rj ) and it will store all your online passwords. You can store your passwords locally or online with myVidoop. If you store your passwords on myVidoop then they are accessible from anywhere and you dont have to worry about maintaining a local database/file.

I keep a copy of FireFox portable on a thumb drive, along with the plugin installed and have a completely portable solution that I can plug in anywhere. Once I am done I just unplug the drive and move on.

If anyone found the drive they would still need to authenticate with the ImageShield on http://myVidoop.com and I could easily deactivate the portable browser…

I would be interested to hear how you think myVidoop compares to SuperGenPass?

Thanks,
Kevin

]]>