Storing Passwords in the Cloud?

There’s been a recent event at LastPass and users have potentially lost their passwords. Honestly, I wonder why would anyone ever store their passwords anywhere, much less in the Cloud?

Good security practice dictates that passwords should never be stored at all. Period.

While we should use random passwords with different ones for different sites, and it is difficult for users to remember so many meaningless passwords across so many different sites, it is no excuse to store passwords.

IMHO, the ideal solution for this would be to use generated passwords. These passwords could be generated from multiple secrets that are known only to each individual, but not to everyone. Think of it has having different parts of a dollar.

One example would be to use something like password hash, which would generate the password based on the website domain name and a known secret. Try it out and you’ll see.

There are more complex schemes that can be invented if necessary but the idea is there – don’t store the passwords anywhere – generate passwords on-the-fly.

Advertisements

Published by

Shawn Tan

Chip Doctor, Chartered Engineer, Entrepreneur, Law Graduate.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s