undefined | Better HN

0 pointsdiogomonicapt11y ago0 comments

I agree that the title is more link-baity than it should. For what it's worth, part of it was just a witty title.

0 comments

Reading that you come off as an idiot who has no idea what there talking about. Password managers are banned from high security applications, because their not secure.

That said, the random part of randomly generating a password is an issue, but combining that with something you have is reasonably secure.

PS: Some places require a 20+ character password and will fire you on the spot if it's ever written down or stored on a device of any kind. 99% of the time it's overkill but real security is rarely convenient.

tsotha11y ago

Having worked in places with those kinds of rules I can tell you most of those passwords is written down. At one government shop we did an audit and found the longer and and better a password is (and the faster it expires), the more likely users will write it down. Not only that, 70% of them put the written down password in their top right desk drawer.

We also found a large percentage of our fancy two person authentication safes had both combinations written somewhere on the signout sheet.

You can't make peoples' lives too difficult with security directives. They'll start to ignore you no matter how much you threaten them.

Retric11y ago

No offence, but if your not going to fire people when you find their password written down then there going to write their password down. Written policies are practically irrelevant it's enforced policies people pay attention to.

One example of security. Someone (A) giving a breafing has someone (B) grabs at it so they can read the document. At which point (A) pulls his sidearm and threatens (B). Later (A) is given an intense debriefing to verify that he was willing to shoot (B) and simply wanted to clarify the situation vs being unwilling to shoot (B). (B) was later told he was lucky not to have been shot.

1 more reply

morgante11y ago

> Password managers are banned from high security applications, because their not secure.

Based on what? I've seen absolutely no evidence that good password managers (1Passoword and its ilk) are insecure.

Retric11y ago

One of the most common failure modes is screen captures which are often used for auditing. So there enabled even when everything is working correctly. For encrypted passwords that are sent directly to the clipboard you still get those files backed up which means you can brute force the password file without throwing up any red flags. Also, pasting passwords is disabled on many secure applications. For apps there stored on an unsecured device with a wide range of failure modes.

j / k navigate · click thread line to collapse

0 comments

Retric11y ago

Reading that you come off as an idiot who has no idea what there talking about. Password managers are banned from high security applications, because their not secure.

That said, the random part of randomly generating a password is an issue, but combining that with something you have is reasonably secure.

tsotha11y ago

We also found a large percentage of our fancy two person authentication safes had both combinations written somewhere on the signout sheet.

You can't make peoples' lives too difficult with security directives. They'll start to ignore you no matter how much you threaten them.

Retric11y ago

1 more reply

morgante11y ago

> Password managers are banned from high security applications, because their not secure.

Based on what? I've seen absolutely no evidence that good password managers (1Passoword and its ilk) are insecure.

Retric11y ago

j / k navigate · click thread line to collapse