Comment Re:Scripts that interact with passwords fields aws (Score 1) 365
" I've been in the software business for almost 40 years,"
Software, not security.
"I suggest you study texts on encryption, and maybe read the technical details of how a good cloud-based password manager like LastPass actually works"
https://blog.lastpass.com/2015...
That's all I fucking need to know. A piece of paper holding my passwords is more secure in my wallet than my passwords are with LastPass or KeepPass. I also have the ability to actually defend my stuff if someone tries to take it, whereas someone hacks your shit and it's gone, you're fucked. By the time you realize it, it's too late, they've made off with your stuff.
"Your super-whiz-bang method still requires a password, it seems"
Good authentication requires everything, including a password. We could switch to biometrics, you're fucked because there are any number of ways to get around that, including taking your head off. With a password added for second verification (or third verification, in this case) taking your head does me no good unless I was able to get the password from you before hand.
"How do you hash the passwords for your sites? Still using MD5?"
You silly noobs using hashes and salts. Nowdays smart people embed that information in an image file, good old steganography. You think you got a password database? Enjoy the cluster of hentai you just downloaded. Get past the fact that there's information inside the image? Good luck decrypting the white noise format used to encode it. Unless you have used my server software, you aren't going to be able to do much with it.