[Cross-posted at Patrick Henry Society]
In a never-ending quest to find more and better tools for security, I came across these recently and thought I’d pass them on.
Hopefully you’re not still using LastPass, but if you’re looking for a password manager other than KeePassX, check out Forgiva, which is a new kid on the block being billed as the “new age” password manager. It’s open source, so you can look over the back end of it, although it hasn’t been audited yet as far as I can tell. Don’t get me wrong, KeePassX is excellent. I do plan to try out Forgiva on some throwaway accounts to see how well it works. I can think of a few applications it may be good for. Keep in mind, however, that it has its issues as well (just like anything else).
While deterministic password managers do away with storage, they are as susceptible to certain attack forms as regular password managers.
Since users need to somehow get the passwords displayed in the program and enter them on a website or application, it means that they will either be copied to the clipboard, or entered manually using the keyboard.
Depending on the level of complexity of the service, getting hold of the master password may give you access to all passwords unless the product uses other security precautions (like Forgiva does).
Password renewal may also be an issue if the service does not offer an option to do so. Additionally, depending on functionality, these password managers may not offer options to store additional data, security question answers for instance.
Test things out, and use your head.
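To make the trade-offs above concrete, here is an added sketch of how a deterministic password manager can derive passwords; it is not code from the original post and it is not Forgiva's algorithm. It assumes PBKDF2-HMAC-SHA256 as the derivation function, and `derive_password`, `regenerate_all`, the alphabet and the sample accounts are all hypothetical.

```python
import hashlib

# Output alphabet (70 symbols), chosen for this example.
ALPHABET = ("abcdefghijklmnopqrstuvwxyz"
            "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "0123456789!@#$%^&*")

def derive_password(master, site, login, counter=1, length=20):
    """Recompute a site password from the master password; nothing is stored."""
    if not 1 <= length <= 40:
        raise ValueError("length must be 1..40 for a 256-bit derivation")
    # Site, login and counter form the salt, so each account gets its own output.
    salt = f"{site}\x00{login}\x00{counter}".encode()
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, 100_000, dklen=32)
    # Treat the 256-bit output as one integer and peel off base-70 digits;
    # 20 symbols use about 123 bits, so the leftover bias is negligible.
    n = int.from_bytes(raw, "big")
    chars = []
    for _ in range(length):
        n, idx = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[idx])
    return "".join(chars)

def regenerate_all(master, accounts):
    """The master password plus non-secret account data recomputes every password."""
    return {(site, login): derive_password(master, site, login, counter)
            for site, login, counter in accounts}

if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample value
    accounts = [("example.com", "alice", 1), ("mail.example.org", "alice", 1)]
    for key, pw in regenerate_all(master, accounts).items():
        print(key, pw)
    # Renewal: a new password for the same site requires bumping the counter,
    # which is a piece of state the user has to remember or store somewhere.
    print(derive_password(master, "example.com", "alice", counter=2))
```

The counter is why "no storage" is only partly true in practice: once one site forces a password change, the per-site counter has to be kept somewhere.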
The other tool you might be interested in checking out is Bitquick. If you’re looking for Bitcoin transactions where you don’t have to log in anywhere and there’s no identity verification, this might be an option for you. The way it works is, you browse their available orders, and simply go drop cash in the local branch of whatever bank they’re using. Upload the receipt (without having to create an account etc), give them whatever BTC wallet you want to see your coins in (your Jack Sprat wallet, perhaps, for those of you who have been through the Privacy/Anonymity class, but NOT your deep cold storage), and 3 hours later poof, you have Bitcoin. There’s escrow, so it’s not like you’re just blindly putting money into an account. There are a few horror stories on reddit of course, but there seems to be an overwhelmingly positive experience by many, who claim it’s better than LocalBitcoin.com because it doesn’t require any kind of ID. Now, the Bitquick site does warn that if you’re doing large transactions that you may be asked to show ID, but that’s easily gotten around. Why are you doing large transactions anyway?
Keep in mind that if you do use Bitquick, you WILL be on camera making the deposit. So, think through your strategies for that before doing it, and as I mentioned, don’t use this as a direct method to fund your deep cold storage. I haven’t tested either of these, so if you do, let me know what your thoughts are in the comments.