
Both she and her mother have a sealed envelope with 4/5s of the encryption keys; the remaining 1/5 is the chorus to a song which my wife and I picked and is not something we ever talk or write about.

Every year, both as a company and personally, we reevaluate each system. Then there are the most sensitive financial records, device encryption keys and records my wife will need when I croak. For that I have 3 identical drives.

Even if you compromise 1Password, you have no vector to LastPass. I keep the password for LastPass in 1Password except for the last 6 characters which I have memorized. Currently we use 1Password because I like that the setup of a new device requires a third factor. Currently I have a 97 character master password for those accounts.

For my personal accounts I have to share all passwords with my wife. So we have a corporate device with LastPass that is centrally controlled via the LastPass Enterprise console. Unfortunately our use of passwords requires us to potentially be anywhere from one day to the next and we cannot guard other we have internet access. But if they hack my financial accounts, that could cost me a lot of money.

As an IT security guy who leads a team and needs to share passwords with my team, this is what we do.

For corporate passwords we use LastPass Enterprise. If someone hacked my Ars account, well that could be embarrassing. Since they're such high value targets, don't let them remember your passwords to critical things. Large numbers of people (millions? billions?) are vulnerable to a supply chain attack on browsers and Microsoft, Linux, and Apple. We've got a world corps of programmers busily trying to fix their apps and they're countered by a corps of programmers, perhaps more talented ones, busily trying to compromise them. Maybe you should only apply security-critical updates. Supply chain attacks are pernicious because they'll come to you in the original installation or in an update.

For that, your defenses are: (i) apps should have access only to the data they need (ii) use only apps that take security seriously (iii) minimize the number of apps that have access to your important data. All that said, the article is about supply chain attacks, where compromising the application itself provides direct access to *everybody's* files.
