This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

Best practices for browsers

So I recently decided to get very serious about password security, especially given the LulzSec breaches. With that in mind, I was curious how far people go with their security concerns in regards to browser security. For instance, do you purge all data out per session so it's less likely that, if you encountered an exploit, your passwords would be compromised? As good as your password is, if it's locally stored it would likely be an easier target to compromise.

Comments

  • khad (Social Choreographer)
    Welcome to the forums, LTParis!



    The great thing about using 1Password is that you can disable your browsers' built-in password managers, which have been known to have numerous security vulnerabilities over the years. Having password management handled external to the browser provides some security advantages since your sensitive information is not directly available to the browser. Notice that you even have to specifically direct 1Password to fill your information using the ⌘\ keyboard shortcut or selecting "Fill Login" from the 1P toolbar button. That information isn't going anywhere without your say-so. :-)



    Additionally, none of the LulzSec breaches were on personal machines, which are not as hot of a target to folks like those who were a part of LulzSec. They are looking for the biggest jackpot and they found it in large corporate databases. Most attackers are not interested in obtaining a single user's information. They would rather find some place to obtain a lot of users' information. Which, of course, brings us back to the age-old problem of password reuse (http://blog.agilebits.com/2011/06/two-thirds-of-web-users-re-use-the-same-passwords/).



    If you are using the same password anywhere (or, worse, everywhere), then if your password was obtained via any one of the breaches, it would be trivial for an attacker to log into any and all of your other accounts (including bank, email, anywhere else you used the same password). So the number one lesson to take away from all of the LulzSec madness is to use strong, unique passwords for each and every site you visit. Never use the same one twice. Fortunately, 1Password makes that easy, so you are already on the right track. ;-)



    Regarding "purging all data out per session," I'm not really certain that I know what you are referring to. 1Password doesn't keep any of your sensitive data lying around anywhere in an unencrypted form. Specifically what data are you looking to purge and where is it stored? I'd love to help you answer the question if I know a bit more about what you are trying to do.



    Cheers,