
Google Working On Password Generator For Chrome

Soulskill posted more than 2 years ago | from the 123456-letmein-hunter2 dept.

Chrome 175

Trailrunner7 writes "Google is in the process of developing a tool to help users generate strong passwords for the various and sundry Web sites for which they need to register and authenticate. The password-generator is meant to serve as an interim solution for users while Google and other companies continue to work on widespread deployment of the OpenID standard. The tool Google engineers are working on is a fairly simple one. For people who are using the Chrome browser, whenever a site presents them with a field that requires creating a password, Chrome will display a small key icon, letting the users know that they could allow Chrome to generate a password for them."


175 comments


What could go wrong? (-1, Troll)

bonch (38532) | more than 2 years ago | (#39090563)

Let's trust an ad-serving company with a track record of intentional privacy violations [eff.org] and a publicly hostile attitude toward privacy rights [eff.org] to generate our passwords for us.

Ever wondered why Chrome bundled Flash despite dropping H.264 in the name of openness? Advertiser Flash cookies. Chrome is also the last major browser not to support the Do Not Track [wired.com] privacy feature. Google wants access to all your data because you are their product, and advertisers are their users.

Of course, trolls will probably accuse me of being a shill again, even though the facts are staring everyone in the face. I'll stick with Firefox and the PwdHash [mozilla.org] addon for secure password generation, thanks.

Re:What could go wrong? (-1)

Anonymous Coward | more than 2 years ago | (#39090585)

Of course, trolls will probably accuse me of being a shill again, even though the facts are staring everyone in the face.

No need.

If anyone's uncertain, just check the posting history of the sockpuppets below and draw your own conclusions.

DavidSell
ByOhTek
antitithenai
Bonch
TechGuys
Overly Critical Guy
CmdrPony
InsightIn140Bytes
InterestingFella
SharkLaser
jo_ham
DCTech
smithz
HankMoody

Trolling campaign by GreatBunzinni, aka Rui Maciel (-1, Offtopic)

Anonymous Coward | more than 2 years ago | (#39090609)

GreatBunzinni [slashdot.org] , real name Rui Maciel, has been using anonymous posts [slashdot.org] to accuse almost 20 accounts of being employed by a PR firm to astroturf Slashdot, without any evidence. Using multiple puppet accounts, he mods up these anonymous posts while modding down the target accounts in order to censor their viewpoints off of Slashdot. GreatBunzinni accidentally outed himself [slashdot.org] as the anonymous troll who has been posting these accusations to every Slashdot story. For example, he wrote the same post almost verbatim, first using his logged-in account [slashdot.org] followed by an anonymous post [slashdot.org] days later. Note the use of the same script and wording.

It turns out GreatBunzinni is actually a 31-year-old C++/Java programmer from Almada, Portugal named Rui Maciel, with a civil engineering degree from Instituto Superior Técnico and a hobby working with electronics. He runs Kubuntu and is active on the KDE mailing list. Rui Maciel has accounts at OSNews, Launchpad, ProgrammersHeaven, the Ubuntu forums, and of course Slashdot. While trolling Slashdot, he listens to rock music like Motorhead, Fu Manchu, and Iron Maiden, but lately he's been on a big Jimi Hendrix kick, with some Bootsy Collins on the side (as you might have guessed, he has a Last.fm account). He's also a fan of strategy games like Vega Strike and Transport Tycoon.

Most of the users Rui targets have done nothing more than commit the sin of praising competitors to Google or other Linux-based products at some point in the past. Some of them are subscribers who often get the first post, since subscribers see stories earlier than non-subscribers. After one of Rui's accusations is posted as a reply, the original post receives a surge of "Troll" and "Overrated" moderations from his puppet accounts, while the accusatory post gets modded up. Often, additional anonymous posters suddenly pop up to give support, which also receive upmods. At the same time, accused users who defend themselves are modded down as "Offtopic."

Rui Maciel's contact information
Email: greatbunzinni@gmail.com [mailto] , greatbunzinni@engineer.com [mailto] , or rui.maciel@gmail.com [mailto]
IM: greatbunzinni@jabber.org [jabber] (the same Jabber account currently listed on his Slashdot account)
Blog: http://rui_maciel.users.sourceforge.net/ [sourceforge.net]
Programming projects: http://www.programmersheaven.com/user/GreatBunzinni/contributions [programmersheaven.com]

Known puppet accounts used by Rui Maciel
Galestar [slashdot.org]

NicknameOne [slashdot.org]

Nicknamename [slashdot.org]

Nerdfest [slashdot.org]

Toonol [slashdot.org]

anonymov [slashdot.org]

chrb [slashdot.org]

flurp [slashdot.org]

forkfail [slashdot.org]

psiclops [slashdot.org]

tl;dr: An Ubuntu fan named Rui Maciel is actively trolling Slashdot with multiple moderator accounts in an attempt to filter dissenting opinions off the site.

Re:Trolling campaign by GreatBunzinni, aka Rui Mac (0)

Anonymous Coward | more than 2 years ago | (#39090999)

He's also a fan of strategy games like Vega Strike and Transport Tycoon.

I like the cut of this guy's jib.

Re:What could go wrong? (0, Troll)

Anonymous Coward | more than 2 years ago | (#39090641)

Remember - anyone who is anti-Google is a shill. They are probably being paid with MiKKKro$oft bloody money.

Hi, my name is Anonymous Coward and I'm the average Slashdot poster.

Re:What could go wrong? (2)

WrongSizeGlass (838941) | more than 2 years ago | (#39091713)

Hi, my name is Anonymous Coward and I'm the average Slashdot poster.

Slashdot Anonymous meeting (in unison) : Hi, Anonymous Coward.

Re:What could go wrong? (4, Insightful)

Aerorae (1941752) | more than 2 years ago | (#39090615)

You mean the Do Not Track list which is practically unenforceable? The one where the advertisers "do the right thing" and honor the users' request not to track them? Such an IRONCLAD defense against predatory advertisers should be the gold standard, shouldn't it?

Re:What could go wrong? (1, Troll)

bonch (38532) | more than 2 years ago | (#39090651)

The Robots Exclusion (robots.txt) is also an honor system. Google is the only holdout on Do Not Track. Every other major browser vendor has adopted. Google also happens to financially benefit from there being no Do Not Track. Makes you think, doesn't it?

Re:What could go wrong? (5, Informative)

ozmanjusri (601766) | more than 2 years ago | (#39091137)

Google is the only holdout on Do Not Track. Every other major browser vendor has adopted.

Really?

Perhaps you should have Googled it before shooting your mouth off...

Google Releases “Do Not Track” Extension for Chrome
Google is announcing that they have released a “Do Not Track” extension for Chrome called Keep My Opt-Outs that blocks advertisements that are based on browser history. It hasn’t been made mandatory by any governments yet, but it’s been clear that ever since the Wall Street Journal’s series on how advertisers track user information on the web that this was going to happen.
Already the Chrome team has been testing an experimental feature that allows you to block all new third party cookies from being set. These pieces of information can travel with you and record information about your habits on the web. They are also useful for saving other information such as preferences and login information, but the marketing opportunities that can be taken advantage of with cookies is enough to make some people want to turn them off.
This extension solves that, as Google believes this is the correct way to ward off ad tracking.

http://www.thechromesource.com/google-releases-do-not-track-extension-for-chrome/ [thechromesource.com]

Re:What could go wrong? (4, Interesting)

WrongSizeGlass (838941) | more than 2 years ago | (#39091741)

Just an extension? Not core functionality? Meh.

released a “Do Not Track” extension for Chrome called Keep My Opt-Outs that blocks advertisements that are based on browser history.

So it blocks the advertisers people have 'opted-out' from? What about all the sneaky bastards that users a)don't know about or b)don't provide an opt-out option?

Google isn't necessarily Evil, but it has proven itself untrustworthy. They are the ones who benefit most from tracking, so I'm going to vote with my browser and email provider choices. I'm not bashing Google, but these days their actions have overshadowed their motto of Do No Evil.

Re:What could go wrong? (2)

Jah-Wren Ryel (80510) | more than 2 years ago | (#39091015)

You mean the Do Not Track list which is practically unenforceable?

As best I can tell "Do Not Track" headers in the browser are there for legal purposes. If we ever get the chance to sue for unauthorized tracking having the browser explicitly inform the tracker's website that they should not be tracking this user will probably be helpful in court. It may even be that the threat of such ends up being enough to make trackers obey the header.

But either way, it seems like an attempt to leverage the legal system for us little guys rather than a straight-forward engineering method of preventing tracking.

Re:What could go wrong? (2)

Lennie (16154) | more than 2 years ago | (#39091433)

And there is no Ironclad way to prevent tracking.

You would need to anonymize all webtraffic, remove features from browsers people actually use, make all browsers work exactly the same (which you can not or you will need to create a monopoly of one browser) and disobey the HTTP/1.1 RFC with things like the E-tag.

Re:What could go wrong? (3, Interesting)

modmans2ndcoming (929661) | more than 2 years ago | (#39091763)

Right...they have even done studies where they found they can uniquely identify a PC with a high degree of certainty using only the data that is available as part of the HTTP headers. Sure...they do not know your name or anything, but who needs to know a name when they can simply see your behavior and advertise accordingly?

Re:What could go wrong? (1)

StripedCow (776465) | more than 2 years ago | (#39091657)

As best I can tell "Do Not Track" headers in the browser are there for legal purposes.

Any idea how one proves in court that these headers have been actually sent in specific cases?

Re:What could go wrong? (0)

Anonymous Coward | more than 2 years ago | (#39091803)

Show that the browser's config file has the setting turned on.

Re:What could go wrong? (2)

TheRaven64 (641858) | more than 2 years ago | (#39091883)

In a civil suit, the burden of evidence is 'the balance of probability'. If you can show that your browser sends the header if a particular setting is enabled and that you have enabled that setting, then the other party would have to show that it was not sent in a specific case, or provide some counter evidence. In a criminal case, the standard is 'beyond reasonable doubt', so they would just have to show that it was possible that it was not sent.

Re:What could go wrong? (4, Insightful)

liquidweaver (1988660) | more than 2 years ago | (#39090647)

Let's take your argument to its logical conclusion - somewhere inside of Google's secret evil HQ in the base of a volcano, Sergei and Larry are laughing maniacally, "Now we can login as everyone because we will know their passwords! MWAHAHAHA!" as they stroke their evil kittens with eyepatches.

Or realistically, that google would login as people and impersonate their accounts.

You can have my tinfoil hat, you need it more than me.

Re:What could go wrong? (1)

bonch (38532) | more than 2 years ago | (#39090681)

It's not about evil intentions. It's about Google's track record of privacy "accidents" and a general lack of respect for privacy rights. Would you trust Microsoft antispyware software? No, because Microsoft's track record is pretty shitty in that regard. So why should you trust Google to generate your passwords, one of the most private pieces of data you own?

Re:What could go wrong? (5, Insightful)

MisterMidi (1119653) | more than 2 years ago | (#39090895)

What's different from trusting the browser to store your passwords? All major browsers have been doing this for years. It's really not much different. If they wanted your passwords, they'd already have them (with or without storage.) This is about encouraging people to use different passwords for different sites. Yes, it is a security risk to trust your browser with your passwords. But I think using the same password for every site is a much bigger risk.

Re:What could go wrong? (-1)

Dunega (901960) | more than 2 years ago | (#39091083)

BOOGA BOOGA BOOGA, the great evil Google is going to invade your mind and steal all of your secrets. Good god, get a grip.

Re:What could go wrong? (2, Interesting)

rtb61 (674572) | more than 2 years ago | (#39090695)

Let's take this argument to its realistic conclusion - Google Chrome password lockin. What easy access to your web site, you better stick to using Chrome or else look forward to pen and paper copying 20 random characters, including numbers, letters, capitalisation and special chars, with different passwords for each and every site you connect to, get one char wrong and you're stuck. Some like banks will definitely not email you a replacement password so that you can immediately reconnect.

Easy solution go with pass phrases they are easier to remember, words between 4 and 6 characters long, three words, that's 12 to 18 chars, those with mixed language capabilities have a slight advantage and only so "Googleveryobvious" and you're done ;).

Re:What could go wrong? (0)

Anonymous Coward | more than 2 years ago | (#39090795)

Let's take this argument to its realistic conclusion - Google Chrome password lockin. What easy access to your web site, you better stick to using Chrome or else look forward to pen and paper copying 20 random characters

A "realistic conclusion" given the zillions of search results for Chrome export passwords? Really?

Re:What could go wrong? (3, Insightful)

BitZtream (692029) | more than 2 years ago | (#39090797)

Right cause the only thing google lets us get back in the form of our data from their services is EVERYTHING.

Name 1 thing bit of data that you've given to Google that they don't allow you to download them other than your ANONYMOUS search history.

You can't call it lock in when they give you an unencrypted well documented XML file with your data in it, moron. That's what they do for all of their web services, you think they won't make an export feature for Chrome?

They don't need lock in. Instead of doing 'Lock In' they do 'Better than the competition' which is far more effective at retaining customers. You should look into it some time.

Of course, this new feature in order to be useful for lock in would have to diverge from the current feature of chrome that lets you look up previously stored passwords already.

Do you actually have any idea at all who or what you're talking about?

Re:What could go wrong? (3, Interesting)

EdIII (1114411) | more than 2 years ago | (#39090987)

I can see there being some kind of lock-in, albeit not the one you are talking about.

Random password generation is useless on its own. I can't even remember 20 random alphanumeric characters and I have a good memory.

What is required when you do that is a password vault of some kind. Plenty of software available to do this for you. Chrome will already remember your passwords, but I can see them syncing that with your Google profile. They might already, I don't use Google for anything religiously.

That could be the lock-in. All of your passwords are stored in the "Cloud" with Google. However, I am sure they would provide a secure export adhering to some standards (theirs) that other vendors could read (after circumnavigating some documentation more fucking complicated than the plans for the Death Star). Sorry, I do API programming for some Google products and I find their documentation a little lacking in some places and not well organized.

My biggest issue is with Open ID. I will never, ever, participate in a system where you authenticate with a company where you are not the user, but the product. That's not security. Regardless of whether it is Google, having all that authentication in one spot is a bad idea. One password to rule them all, One password to bind them all, and in the darkness where you fucking lose it you get bent over by some sociopath in Russia who will own your ass and use it to pay for Vodka and teenage Russian hookers.

Unless, I am explicitly told by a client, after they ignore all my recommendations, will I integrate a centralized authentication scheme. Just poor security, but others will disagree I am sure....

Ohhhh, I almost forgot :)

YouTube API was offline for over 3 hours yesterday. Got a ton of emails about it and I looked at the response code coming back and it was ServiceUnavailable. No problems with our system, from what I could tell from the logs. Calls just started working again a few hours later with no code changes.

So if I do integrate Open ID, what guarantees do I have that the service will reasonably be available? How do I tell a user that the reason they can't authenticate is because one of the largest companies in the world has products in perpetual beta for free and I can't complain because it is free?

Do you think any user that complained yesterday believed Google was at fault or our system? Seriously, why even bother sending out a service impact notification that people might not even believe. With just a few hours I let them think it was just a spike in our load and it took longer than normal to upload.

Re:What could go wrong? (3, Informative)

tibman (623933) | more than 2 years ago | (#39091383)

OpenID wasn't created by nor owned by google. It was created by LiveJournal and "run" by a bunch of different people/companies: yahoo, microsoft, symantec, paypal, facebook and so on. It has also been available for years before google jumped in. There are many ways to authenticate as well, not just single password logins.

Here is an official list of recommended providers: http://openid.net/get-an-openid/ [openid.net]

Re:What could go wrong? (1)

Lennie (16154) | more than 2 years ago | (#39091473)

I like browserid, at least when it gets out of the beta-stage (which it should in the coming months):

https://browserid.org/about [browserid.org]
http://identity.mozilla.com/post/7616727542/introducing-browserid-a-better-way-to-sign-in [mozilla.com]

It is a quick and easy way to verify you are the owner of an email-address and an open specification.

Then Firefox will get it in the browser-UI, here is an old mockup:

https://wiki.mozilla.org/images/4/4c/IdentityInTheBrowser.png [mozilla.org]

Firefox still has about 25% of the market, if those users get an easy way to login to sites that should help with adoption.

Re:What could go wrong? (1)

gbjbaanb (229885) | more than 2 years ago | (#39091711)

firstly, it would be a good thing for Chrome to generate passwords, but I'd like to see it store them in a keepass DB file instead of holding it Chrome itself or on Google's servers.

Secondly, OpenID means you don't have to use Google as a provider. Seriously, what is with the 'one password to rule them' bullshit. Use MyOpenID or MyId or Verisign [openid.net] . Or implement your own [openid.net] provider and use that, then you can be the big bad nasty sociopath and volunteer your own ass for Russian hookers.

Come on here and post, but at least try to sound like you have more sense than an immature 14 year old.

Re:What could go wrong? (1)

modmans2ndcoming (929661) | more than 2 years ago | (#39091775)

you do know you can use an openID vendor that you pay as the customer right? Your bank could even become a vendor. So choose what ever OpenID vendor you like.

Re:What could go wrong? (0)

rtb61 (674572) | more than 2 years ago | (#39091005)

Moron, we are talking average users, where the numbers are, just like you the sub-100s'. The bulk, where corporate executives target their shenanigans. Plenty of solutions for smarter users in fact the majority of smarter users would not even bother with that feature. Retentive types that need every single thing clarified and defined, rather than most things not delineated are obviously regard the majority, the average.

Re:What could go wrong? (1)

ThatsMyNick (2004126) | more than 2 years ago | (#39091131)

Okay, say I have been using this feature on chrome for a while, and say the password is saved by chrome and it allows me to look it up. Now I want to switch to IE (for whatever reasons). Now for each of the websites I have to open chrome password manager and locate the right password, copy it and paste it in IE. This is labour intensive enough that, nobody would ever want to do it. That sounds like a lock-in to me (my definition of lock-in is the inability to easily switch to a competing service).

And about the childish torts (what are you, 13?), it's you who needs a clue.

Re:What could go wrong? (0)

Anonymous Coward | more than 2 years ago | (#39091797)

Don't use windows then... not that IE works very well but you can choose almost any other browser to run on Linux and at least there chrome will have saved your passwords in kwallet/gnomekeyring. Using Linux also has other fringe security benefits, e.g. privproxy and what not.

Re:What could go wrong? (2)

ThatsMyNick (2004126) | more than 2 years ago | (#39091135)

Name 1 thing bit of data that you've given to Google that they don't allow you to download them other than your ANONYMOUS search history.

Just so that you know, google does not allow you download non-anonymous search history either. I am usually logged in, when I perform a search on google. Neither does google allow you download the search results you have visited (it does not even allow you view them I believe). Google does not allow me to download the list of websites I have visited and Google had noticed that I had visited it. It does not allow me to download the timestamps and IPs of my logins. I can go on and on, but you get my point. Google collect tons of information about me, which I don't get access to.

Re:What could go wrong? (2)

tibman (623933) | more than 2 years ago | (#39091393)

I can't download the history, but I can view it all here: https://www.google.com/history/ [google.com]

Re:What could go wrong? (2)

mrmeval (662166) | more than 2 years ago | (#39090827)

I put mine in a text file and encrypt them with a PGP key that is not on my PC. That is my backup. I trust firefox well enough to let it store them but I don't trust them not to screw up and destroy them.

Re:What could go wrong? (1)

mlts (1038732) | more than 2 years ago | (#39091095)

I'd like to see a standard password database storage format. Yes, there are ways to generate and store passwords, but usually, it is pretty difficult (and prone to leaks) to transfer the entries between one password program to another, especially on different devices.

For example, the best password storage on the iPhone would be 1Password since it uses a PIN (10 mistries == wipe), as well as the passphrase. Android, last time I checked, the app had far less functionality. KeePass is as close to a standard as one can get for multiplatform access, but good luck keeping all those in sync.

The solution close to an ideal likely would use private keys, such as what devices use, in combination with a good passphrase. This way, if someone gets ahold of the encrypted key material that might be sitting on Dropbox, the passphrase can't be brute forced because it would require decryption on a device that has been configured with that key storage.

Re:What could go wrong? (1)

St.Creed (853824) | more than 2 years ago | (#39091327)

Undoing my mods...

KeePass is as close to a standard as one can get for multiplatform access, but good luck keeping all those in sync.

Combine it with Dropbox. I open my passwords on Linux, my Android phone, and Windows. I could also do the same when switching to an iPhone.

They all access the same database, all changes synced in seconds. Each package apart is not a standard, but the combination Dropbox/Keepass is rapidly becoming the default in my professional circles. And with Crashplan doing encrypted backups, I figure I'm pretty safe.

Re:What could go wrong? (5, Funny)

ozmanjusri (601766) | more than 2 years ago | (#39090937)

Let's take this argument to its realistic conclusion - Google Chrome password lockin. What easy access to your web site, you better stick to using Chrome or else look forward to pen and paper copying 20 random characters, including numbers, letters, capitalisation and special chars, with different passwords for each and every site you connect to

Ctrl C
Ctrl V.

Re:What could go wrong? (1)

flyingfsck (986395) | more than 2 years ago | (#39091193)

Highlight Middle click ;)

Re:What could go wrong? (1)

Shoe Puppet (1557239) | more than 2 years ago | (#39091523)

Shift-Insert

Re:What could go wrong? (0)

Anonymous Coward | more than 2 years ago | (#39091609)

Excellent, except they'll show the passwords as images to prevent scary viruses from trying to scan the text.

Re:What could go wrong? (0, Insightful)

Anonymous Coward | more than 2 years ago | (#39091155)

Google refuses to release the Chrome source code for no real reason. And no, Chromium and Chrome are not the same thing. Given all their recent privacy fuck ups I won't touch any Google-branded piece of software (or service for that matter) with a 10ft pole.

--
Marcan, asshole [mailto] and proud.

Re:What could go wrong? (1)

Hadlock (143607) | more than 2 years ago | (#39091835)

I've got some sort of strong password chrome plugin already, I use it for everything. I just don't bother to write down the passwords.
 
The chances that I'll lose the randomly generated password in the time between when the cookie expires, and when I actually need to use the site* again is about 90%. If I think I'll come back to the site, I'll email myself the password, and if it's just a throwaway account (is there a better single word term for this yet?) I'll just use the password recovery if by some chance I need to login a second time. Hell, I've started using the password generator to pick usernames.
 
  *Does not include sites that have financial info like the Bank, Ebay, Amazon, etc.

Re:What could go wrong? (0)

Anonymous Coward | more than 2 years ago | (#39090747)

These are posters claiming to be panicked because Google Chrome, into which they would type and save their passwords, is offering to generate them as well.

Hopefully someone tells them about Chromium.

Re:What could go wrong? (1)

Enter the Shoggoth (1362079) | more than 2 years ago | (#39091319)

Let's take your argument to its logical conclusion - somewhere inside of Google's secret evil HQ in the base of a volcano, Sergei and Larry are laughing maniacally, "Now we can login as everyone because we will know their passwords! MWAHAHAHA!" as they stroke their evil kittens with eyepatches.

Or realistically, that google would login as people and impersonate their accounts.

You can have my tinfoil hat, you need it more than me.

meow... that eye patch tickles ya know

Re:What could go wrong? (1)

WrongSizeGlass (838941) | more than 2 years ago | (#39091761)

Let's take your argument to its logical conclusion ...

Chrome will probably use a set formula to generate passwords that are strong but easy to remember. If someone asks Chrome to generate a password using the same criteria used by the person who registered the account, will it generate the same password and help someone break in to the account? If they try it multiple times will it give them enough samples to help them narrow in on the password it generated for the original user?

Re:What could go wrong? (1)

MisterMidi (1119653) | more than 2 years ago | (#39090825)

I am not Google's product. Google did not produce me. Hell, I'm even older than both of the founders!

Re:What could go wrong? (-1, Troll)

poetmatt (793785) | more than 2 years ago | (#39091199)

We know you're a shill dude.

Why even try to deny it? Why do you even bother first posting.

You are so fast to shit on google that I sincerely wish upon you cancer.

Where was an actual violation? Not "we're concerned"? Not "this is not a good thing"? I'm legitimately interested because you have no fucking answer.

Re:What could go wrong? (1)

StripedCow (776465) | more than 2 years ago | (#39091667)

I'll stick with Firefox and the PwdHash

I always wonder why W3C didn't build password hashing into the HTML specification. It would not be the perfect solution, I know, but still it could have been a major improvement in online security.


xkcd (3, Insightful)

Zaldarr (2469168) | more than 2 years ago | (#39090593)

http://xkcd.com/936/ [xkcd.com] Randall has it all sorted. Just use a whole lotta entropy.

Re:xkcd (0, Insightful)

Anonymous Coward | more than 2 years ago | (#39090629)

This is one case where Randall got it completely wrong. His example will fail rather quickly to a dictionary attack [wikipedia.org] , and as such, his estimates of entropy are way off.

Re:xkcd (0)

Anonymous Coward | more than 2 years ago | (#39090783)

If you can crack the one I use for my laptop, you can have the laptop.

You have to be smart about these things and implement them in a sane manner, and companies have been encouraging people to use passwords that are not secure in a way that is not secure for a long time now. Reusing passwords for multiple sites is an example of an exceedingly bad password policy because you only need one of them doing the idiot thing like Sony did, storing them in plaintext, and then -everything- you used that password with is compromised.

Reusing passwords is a bad idea. Trusting a company that has flagrant privacy violations on records with your passwords is a bad idea.

Your passwords are yours and they're your responsibility. Give them to someone else at your own peril.

Re:xkcd (-1, Troll)

Anonymous Coward | more than 2 years ago | (#39090823)

A word taken randomly out of a dictionary of just 2000 words has about 11 bits of entropy. There's nothing to estimate there. A simple two-step calculation will determine it exactly. (1) Take a base 2 logarithm of 2000. (2) Congratulations, you are done.

As such, your math sucks, go learn some.

Re:xkcd (0)

Anonymous Coward | more than 2 years ago | (#39090945)

Somebody thinks that because you can find more than one word in a dictionary that a "dictionary attack" is effective against random combinations of words. Somebody is a moron.

Re:xkcd (5, Insightful)

Sigma 7 (266129) | more than 2 years ago | (#39090865)

Randall uses four words, not one. Even if you use a small word list of 5000 words (and TWL has many more words), that's 6.25*10^14 combinations. It's still a few times stronger than an 8-character random alphanumeric which has ~2.81*10^14 combinations.

And if you go with the full TWL, you need at least 12 characters in the random alphanumeric to even be as strong as the 4-word passphrase.

It's only less secure in the sense that a similarly sized alphanumeric has more possible combinations - which is not being compared.

Re:xkcd (2)

mwvdlee (775178) | more than 2 years ago | (#39091533)

...and that's assuming people will use English words, which is probably true only for native English speakers without a second language. A dictionary would roughly double in size (yet another bit of entropy) for each additional potential language.

Re:xkcd (3, Interesting)

Zarel (900479) | more than 2 years ago | (#39091313)

Really, Slashdot? 4, Insightful for a comment that has no idea what it's talking about? All you need to do is read the Wikipedia article you link to:

Generally, dictionary attacks succeed because many people have a tendency to choose passwords which are short (7 characters or fewer), single words found in dictionaries or simple, easily-predicted variations on words, such as appending a digit.

Emphasis mine.

A dictionary attack is a fast way to crack a password consisting of a single word. The conventional wisdom of how to thwart a dictionary attack is to replace letters with symbols and append a few more symbols to the end. Randall's comic is intended to establish that simply using more than one word will thwart a dictionary attack much more effectively.

His comic does this by calculating entropy. His estimates of "3 days" and "550 years" are the theoretical best time to crack the password, and already take into account that English words have lower entropy than their constituent characters. Actual attacks such as dictionary attacks are slower than these theoretical best estimates.

Re:xkcd (0)

Anonymous Coward | more than 2 years ago | (#39091635)

Every little box in the comic represents 1 bit of entropy. For each word he used 11 bits of entropy. So he assumed 2^11 = 32768 words in the dictionary.

Re:xkcd (2)

MisterMidi (1119653) | more than 2 years ago | (#39091715)

Ehm, 2^11 = 2048...

Re:xkcd (1)

Mashiki (184564) | more than 2 years ago | (#39090663)

It works, and works well. My SSID login is 27 characters and I can remember it without a problem. My secondary password after I use my RSA token? Usually 3 tries before I remember because we have a password policy of upper/lower case mixed with alpha-numerics, which must be between 8 and 30 characters in length. We change these every 18 days.

Brain...hurts...especially for someone with very poor short and medium term memory problems. Of course it's an automatic disciplinary issue if you write any of this down. Yeah gonna go over here and just keep epic face palming over it. One of these days, they'll figure it out.

Re:xkcd (1, Offtopic)

zill (1690130) | more than 2 years ago | (#39090885)

I think this comic [xkcd.com] is much more related.

Before I started using keepass I actually stored the majority of my passwords in gmail in plaintext. I figured that google already has enough dirt to send me to gitmo for life from my search results alone, giving them more data isn't going to hurt.

Re:xkcd (-1)

Anonymous Coward | more than 2 years ago | (#39090939)

No, it's all about lead-pipe cryptography. Or, in this case, wrench cryptography.
http://xkcd.com/538/

Re:xkcd (1)

Lennie (16154) | more than 2 years ago | (#39091493)

This is also relevant ;-)

http://xkcd.com/538/ [xkcd.com]

Re:xkcd (1)

Anonymous Coward | more than 2 years ago | (#39091707)

http://xkcd.com/936/ [xkcd.com] Randall has it all sorted. Just use a whole lotta entropy.

I like this too, but there's one huge, major, glaring flaw with it.

Lots of web sites have stupid password restrictions. Like, must have some numbers, symbols, be between 8-16 characters, and so on, and so on...

Why they can't just say "password minimum 8 characters, and must have these arcane symbols and weird restrictions... OR password minimum 12 characters, unrestricted" is beyond me.

Worst yet is the sites where your password CANNOT be more than (say) 16 characters. My bank does this (ugh). My airline frequent flyer account. My newspaper commenting account. From memory, even Microsoft Live logins (a.k.a. Hotmail, a.k.a. Passport) can't be more than 16 chars.

So no "correct horse battery staple".

When you start thinking about why they have this restriction, you get scared. If they were hashing their passwords (i.e. the best practice), there would be no such restriction, since hashes can operate on any length string. So they're not hashing. Worst case, they're probably storing it plaintext in a VARCHAR(16)...

Re:xkcd (1)

modmans2ndcoming (929661) | more than 2 years ago | (#39091841)

The math is SOOOOOOOOOO wrong it isn't even funny.

The alpha cap and lower case letters gives you 52 bits....then you add the numbers.....that is 10 more to the total...then the special characters and punctuation (he used an &).. another 30.... so the total bits are 92.

so for 11 characters.....11*2^92 = 54469361728556732095561465856 possible combinations for the password length.

1000 guesses a second means it will take 863,606,064,950,480,912 years mean time to brute force that password. (50% chance of guessing the password before the end of the list of possibles)

increasing the guess rate by 25 orders of magnitude would weaken the password considerably, but it would still be pretty good at 863 years.

Or use 1Password (1)

cmarkn (31706) | more than 2 years ago | (#39090595)

Its plugin is not quite seamless, but it works smoothly enough with Safari and Firefox. They're working on Chrome and Opera plugins, but they aren't there yet.

Re:Or use 1Password (1)

Intropy (2009018) | more than 2 years ago | (#39090789)

KeyPass 2 plugs into Chrome quite nicely. There's also an android version, which is nice for when I'm not at a computer I control.

One small problem... (5, Insightful)

Todd Knarr (15451) | more than 2 years ago | (#39090613)

The problem I see is the increasing number of sites (eg. Sony's online game support sites) who "for security reasons" block browsers from auto-completing password fields. Which IMO actually decreases security, it increases the number of times a keylogger could see my password and it makes it harder to use high-difficulty (and difficult to remember) passwords.

Re:One small problem... (0)

Anonymous Coward | more than 2 years ago | (#39090897)

The only kind of keylogger that would be thwarted by such is one that bugged only your keys.

Not substantial enough threat to sway the concern Sony is expressing with automated log-ins.

Re:One small problem... (0)

Anonymous Coward | more than 2 years ago | (#39091017)

I'm confused. I thought we weren't supposed to be buying/using sony products/services for the last 10 years. Why didn't anyone tell me that I was allowed to start doing so again?

the world upon a silver..er chrome platter (2)

smoothnorman (1670542) | more than 2 years ago | (#39090627)

"What do you want Google? The Key of Orthanc, or perhaps the keys of Barad-dûr itself, along with the crowns of the seven kings, and the rods of the five wizards?"

Re:the world upon a silver..er chrome platter (1)

St.Creed (853824) | more than 2 years ago | (#39091333)

I think they'll settle for a small ring. A minor one, the smallest of them all...

OpenID (4, Informative)

IGnatius T Foobar (4328) | more than 2 years ago | (#39090643)

The interesting thing about OpenID is that the vast majority of people who use it, don't even know that they're using it. When I added support for OpenID 2.0 to my website, I found that the vast majority of takeup was from people who pushed the "Log in with Google" button. There's nothing special about that button, it just automatically fills in the known OpenID for Google. There are buttons for AOL/AIM and Yahoo too, as well as the "enter your own openid" of course, but the vast majority of people who use it, are going with Google.

So you can safely ignore the naysayers who claim OpenID is dead and there wasn't any takeup. It's huge, it just didn't take the form most people imagined.

Re:OpenID (0)

Anonymous Coward | more than 2 years ago | (#39091405)

well, I use a throwaway google acc whenever I encounter an openID barrier. I suppose google knows who I am, since I use the same IP to log in to my normal gmail.

Re:OpenID (1)

Dan541 (1032000) | more than 2 years ago | (#39091443)

It's somewhat fruitless to try and hide from Google if you're a Gmail user.

I don't understand (3, Insightful)

Superdarion (1286310) | more than 2 years ago | (#39090655)

I just don't get it. How will this help? It's not that people can't generate random passwords (see, here's one: !wef112SFAWffx9). It's just that they can't be bothered to even try to remember such things. People choose "1234" because they don't want to make the effort to remember long, complicated passwords. So what does this tool by google accomplish?

Now, the article is not clear about it, but I think there's gonna be a chrome-embedded tool to manage all passwords. While this is cool, kde and gnome already do it by default in ubuntu (and I assume in other distros that use them). I don't know about windows, but there should be one or two around. If there aren't (or if you really like chrome and wish to grant it control over your passwords), I just don't see how having an explorer-specific tool to manage passwords is a particularly good idea. An OS-wide password manager is much better, like the aforementioned kde and gnome implementations, because it works with whatever you're using, not just your choice of internet navigation software.

Here's an idea: make a piece of software that doesn't even try to create great random passwords that are very difficult to crack with a computer. Instead, make it create simple passwords that are just a string of dictionary words, easy to remember by a person, hard to guess by another person and, since it's a string of words (and not just the one), hard to crack with a computer.
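An added example (not from the thread and not Chrome's code) that implements the word-string generator suggested in this comment and works through the arithmetic argued earlier in the thread: Sigma 7's 5000-word comparison and the comic's "3 days" (28 bits) and "550 years" (44 bits) at 1000 guesses per second. The 16-word list is constructed for the demo and far too small for real use; all function names are this example's own.

```python
import math
import secrets

SECONDS_PER_DAY = 24 * 3600
SECONDS_PER_YEAR = 365 * SECONDS_PER_DAY

# Constructed sample list. Entropy depends on list size, so a usable list
# needs thousands of entries (2048 words gives 11 bits per word).
SAMPLE_WORDS = [
    "correct", "horse", "battery", "staple", "orbit", "velvet", "cactus",
    "lantern", "pickle", "thunder", "marble", "walnut", "glacier", "mango",
    "copper", "ribbon",
]


def entropy_bits(choices, picks):
    """Entropy of `picks` independent, uniform draws from `choices` options.

    This is the attacker's best case: it assumes the attacker already knows
    the word list and the number of words, i.e. a multi-word dictionary attack.
    """
    return picks * math.log2(choices)


def generate_passphrase(words, count=4, sep=" "):
    """Join `count` words drawn uniformly with the OS CSPRNG (secrets module)."""
    if len(set(words)) != len(words):
        raise ValueError("duplicate words would make the entropy estimate too high")
    if count < 1:
        raise ValueError("count must be at least 1")
    return sep.join(secrets.choice(words) for _ in range(count))


def seconds_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate in a 2**bits search space."""
    return 2 ** bits / guesses_per_second


def random_chars_needed(target_bits, alphabet_size):
    """Shortest uniformly random string that reaches `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))


if __name__ == "__main__":
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS))
    print("demo list entropy: %.0f bits (too small for real use)"
          % entropy_bits(len(SAMPLE_WORDS), 4))

    four_of_5000 = entropy_bits(5000, 4)
    eight_alnum = entropy_bits(62, 8)          # a-z, A-Z, 0-9
    print("4 words of 5000: %.2f bits" % four_of_5000)
    print("8 random alphanumerics: %.2f bits" % eight_alnum)
    print("alphanumerics needed to match:", random_chars_needed(four_of_5000, 62))

    print("28 bits at 1000/s: %.1f days"
          % (seconds_to_exhaust(28, 1000) / SECONDS_PER_DAY))
    print("44 bits at 1000/s: %.0f years"
          % (seconds_to_exhaust(44, 1000) / SECONDS_PER_YEAR))
```

The estimate only holds when the words are picked by the generator; a phrase the user composes has less entropy than the formula reports.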

Re:I don't understand (0)

Anonymous Coward | more than 2 years ago | (#39090705)

Or we can go beyond using the lower 128 characters of the ASCII table characters as password and use the unicode space instead.

8 characters with some from the Chinese, Greek, Japanese, or other Klingon scripts etc got to be enough. ;)

Re:I don't understand (0)

Anonymous Coward | more than 2 years ago | (#39090729)

It's great in principle, but a pain in the ass to type (and you won't be even able to type it in most places, so it's only on your PC).

I used to use ~20 char mix of cyrillic and kanji for one Very Important encrypted drive pass at home, but then I said "Fuck it" and switched to ~45 char english nonsensical phrase - and it was still almost twice as fast to type.

Re:I don't understand (0)

Anonymous Coward | more than 2 years ago | (#39090753)

Re-read the article, it's clear. This WEB SERVICE will store the user's passwords for them. You're too stupid to be allowed to know your own password (it's for your own good, trust us):

"While generally it's good that users don't know their passwords, there are times when they will need them such as when they aren't able to use Chrome. For these cases, we will have a website similar to Valentine where users can sign in and view (and possibly export?) their passwords"

This is full browser lock-in with Chrome. You won't be able to use any sites you have to log-in to without using Chrome. Worse than that, they're data mining all your passwords:

"we don't just choose a password for them is that many sites have requirements... So we will choose a default generator that will work on most sites... Long term we can hopefully also gather some aggregate information from UMA users about the form of passwords they generated so that this whole process can be skipped for the vast majority of sites"

And of course their own site is too important for its passwords to be stored:

"We will need to special case the GAIA log in page so that this feature doesn't trigger"

This service, not a tool, will lock users into Chrome and prevent them from switching browsers by holding their passwords hostage.

Re:I don't understand (0)

Anonymous Coward | more than 2 years ago | (#39090803)

bonch^WAnonymous Coward wrote:

This is full browser lock-in with Chrome. You won't be able to use any sites you have to log-in to without using Chrome. Worse than that, they're data mining all your passwords:

From TFA:

there are times when they will need them such as when they aren't able to use Chrome. For these cases, we will have a website similar to Valentine where users can sign in and view (and possibly export?) their passwords.

Dude, your lies don't hold water and your tinfoil hat is slipping.

Re:I don't understand (1)

MisterMidi (1119653) | more than 2 years ago | (#39090969)

Well, either you didn't RTFA that well, or you're just pulling sentences out of context to suit your views. You should run for senate.

Re:I don't understand (2)

Intropy (2009018) | more than 2 years ago | (#39090819)

Chrome already has an embedded password manager. I'm with you that it's nicer to have something external to the browser but that plugs into it. But I prefer an external app/format to the OS as well since it's easier to use the password database on whatever platform I need. All that being said, for most Chrome users Google doesn't have much to do with the OS, and something straightforward to use is a step in the right direction for most people.

i just want some biometrics (0)

Anonymous Coward | more than 2 years ago | (#39090679)

There's no chance of it outside the rare gimmick, because the infrastructure isn't cost-effective and we have all been trained to fear the government by the biggest proponents of it, the ones who want it in your bedroom and vagina.

Does it include quotes from Hamlet? (1)

solarissmoke (2470320) | more than 2 years ago | (#39090737)

Google is in the process of developing a tool to help users generate strong passwords...

I wonder if it will involve giving the user random selections from Shakespeare [google.co.uk] .

Actually (0)

Anonymous Coward | more than 2 years ago | (#39090873)

Actually, I wrote my own password generator that's based off the concept of generating nonsensical but reasonably easy to remember phrases.. http://mirror.digital-flux.com/files/dark12222000/BetterPasswordJar.zip

UNIX/Linux password generation. (2)

bejiitas_wrath (825021) | more than 2 years ago | (#39090901)

http://www.cyberciti.biz/faq/linux-random-password-generator/ [cyberciti.biz]

This might work nicely for those with access to a UNIX/Linux machine...

Re:UNIX/Linux password generation. (0)

Anonymous Coward | more than 2 years ago | (#39091051)

Just install apg [nursat.kz] . Should be in the repositories of most distros.

Re:UNIX/Linux password generation. (2)

lindi (634828) | more than 2 years ago | (#39091343)

Unfortunately that does not work nicely. On a multiuser Linux system everyone can see your password by looking at the process list. Here's a proof of concept:

testi1@lindi2:~$ wget -q http://iki.fi/lindi/watchps.c
testi1@lindi2:~$ gcc -O2 -Wall -o watchps watchps.c
testi1@lindi2:~$ echo /lib/x86_64-linux-gnu | ./watchps
helper got 6738, waiting for 6739

...

testi2@lindi2:~$ genpasswd
sh88xS5MKUAiGTvk

...

woke up
cmdline: "/bin/echo sh88xS5MKUAiGTvk "
helper got 6739, waiting for 6740
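An added example (not part of the post above) of why the password showed up as an argument to /bin/echo and how to avoid it: on Linux, a process's argument vector is readable through /proc by other local users unless /proc is mounted with hidepid, so a secret handed to a child process belongs on stdin or in a file, not in argv. The child command and function names here are assumptions of this example, and the secret is a constructed sample value.

```python
import subprocess
import sys

SECRET = "constructed-sample-pw"           # constructed value, not a real password
CHILD = "import sys; sys.stdin.read()"     # child only waits for EOF on stdin


def visible_cmdline(pid):
    """Return the argv of `pid` as exposed in /proc/<pid>/cmdline (Linux only)."""
    with open("/proc/%d/cmdline" % pid, "rb") as f:
        return [arg.decode() for arg in f.read().split(b"\0") if arg]


def run_with_secret_in_argv(secret):
    """Weak pattern: the secret is a command-line argument of the child."""
    proc = subprocess.Popen([sys.executable, "-c", CHILD, secret],
                            stdin=subprocess.PIPE)
    try:
        # Popen returns after exec, so this is what `ps` would show.
        return visible_cmdline(proc.pid)
    finally:
        proc.communicate()                 # closes stdin, child exits


def run_with_secret_on_stdin(secret):
    """Safer pattern: the secret travels over a pipe and never enters argv."""
    proc = subprocess.Popen([sys.executable, "-c", CHILD],
                            stdin=subprocess.PIPE)
    try:
        proc.stdin.write(secret.encode())
        proc.stdin.flush()
        return visible_cmdline(proc.pid)
    finally:
        proc.communicate()


if __name__ == "__main__":
    print("argv variant :", run_with_secret_in_argv(SECRET))
    print("stdin variant:", run_with_secret_on_stdin(SECRET))
```

In a shell the same rule means ending the pipeline with a builtin such as `printf` or with `head -c`, not with an external command that receives the password as an argument.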

Just do it the traditional way (0)

Anonymous Coward | more than 2 years ago | (#39090913)

I have always been happy with a simple "head -c6 /dev/random | mimencode -". I always used that when generating passwords for my colleagues to servers I was responsible for.

Re:Just do it the traditional way (1)

zill (1690130) | more than 2 years ago | (#39090971)

/dev/random may be random, but it's not cryptographically secure. You would be better off using a dedicated password generator (eg. pwgen or apg).

What's the random number generator? (1)

Animats (122034) | more than 2 years ago | (#39091081)

Does Google Chrome have a cryptographic-grade random number generator with a good source of entropy? JavaScript Math.random() is known to be predictable. [trusteer.com] Has someone with respected crypto qualifications checked over the code and signed off on it?

Already Exists: http://passwordmaker.org/ (5, Informative)

JakFrost (139885) | more than 2 years ago | (#39091087)

Already Exists: http://passwordmaker.org/ [passwordmaker.org]
Google Chrome: http://passwordmaker.org/Google_Chrome [passwordmaker.org]

The Problem

If you're like most people, you have a few passwords that you use over and over again on many different websites. You know this isn't secure, yet you do it anyway. Why? Because it's difficult to remember a unique password for each and every web site that requires one.

Existing Solutions

Maybe you do use unique passwords, and get around the problem of remembering them by storing them in a spreadsheet or other file. Maybe you even use one of the many password managers that are available. But now you've centralized your passwords and access to them becomes difficult while at work, a friend's computer, or a public internet terminal. You can't get to your passwords without carrying them around or publishing them on the internet. Some people even carry a USB keychain with their passwords wherever they go. How inconvenient. And publishing them on the internet? Yikes! We need not even mention the security risks inherent with that solution. Even if you trust the company storing the passwords, you can be sure every hacker in the world is drooling over the prospect of accessing their database (Like the LastPass break in of May, 2011 LastPass Announcement).

Our Solution

PasswordMaker solves all of these issues. It is a small, lightweight, free, open-source tool for Internet Explorer, Firefox, Google Chrome, iPhone, Opera, PHP, Windows, OS/X, Linux, Flock, Yahoo! Widgets, Android, Python, and many other platforms & systems. It creates unique, secure passwords that are very easy for you to retrieve but no one else. Nothing is stored anywhere, anytime, so there's nothing to be hacked, lost, or stolen. PasswordMaker has been around since about 2003 and so is a mature, stable, popular solution.

How It Works

Warning - technical jargon in this section!

You provide PasswordMaker two pieces of information: a "master password" -- that one, single password you like -- and the URL of the website requiring a password. Through the magic of one-way hash algorithms, PasswordMaker calculates a message digest, also known as a digital fingerprint, which can be used as your password for the website. Although one-way hash algorithms have a number of interesting characteristics, the one capitalized by PasswordMaker is that the resulting fingerprint (password) does "not reveal anything about the input that was used to generate it." 1. In other words, if someone has one or more of your generated passwords, it is computationally infeasible for him to derive your master password or to calculate your other passwords. Computationally infeasible means even computers like this won't help!

What About Portability?

For times when you must use one of the rare platforms to which PasswordMaker hasn't been ported, or are using a system where you can't install any software, there's an online version which mimics the extension and works in all web browsers new and old. No downloads or installations are required.
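The "How It Works" description above as an added Python sketch; it is not PasswordMaker's code or its actual algorithm. PBKDF2-HMAC-SHA256 (key stretching, so that a leaked site password is slower to use for guessing the master password), the 75-symbol alphabet, the host-only site identifier and all function names are assumptions of this example.

```python
import hashlib
import string
from urllib.parse import urlsplit

# 52 letters + 10 digits + 13 symbols = 75 output characters (assumed set).
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"
MAX_LENGTH = 32   # 32 chars of a 75-symbol alphabet need < 200 of the 256 digest bits


def site_id(url):
    """Reduce a URL to its lower-cased host, so every page of a site maps to one password."""
    host = urlsplit(url if "://" in url else "//" + url).hostname
    if not host:
        raise ValueError("no host in %r" % (url,))
    return host


def derive_password(master, url, length=16, iterations=200_000):
    """Derive a per-site password from a master password; nothing is stored."""
    if not master:
        raise ValueError("master password must not be empty")
    if not 1 <= length <= MAX_LENGTH:
        raise ValueError("length must be between 1 and %d" % MAX_LENGTH)
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        master.encode("utf-8"),
        site_id(url).encode("utf-8"),   # the site acts as the salt
        iterations,
    )
    # Read the 256-bit digest as one integer and peel off base-75 digits.
    # The integer is far larger than 75**32, so the modulo bias is negligible.
    n = int.from_bytes(digest, "big")
    chars = []
    for _ in range(length):
        n, index = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[index])
    return "".join(chars)


if __name__ == "__main__":
    master = "constructed master password"   # constructed sample value
    for url in ("https://example.com/login", "example.com/account", "https://example.org/"):
        print(url, "->", derive_password(master, url))
```

The trade-off of any such scheme is that the master password becomes a single point of failure, and changing one site's password requires an extra per-site input such as a counter, which this sketch leaves out.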

Re:Already Exists: http://passwordmaker.org/ (1)

St.Creed (853824) | more than 2 years ago | (#39091347)

It would be so great if this was integrated with Keepass: let it figure out a password when possible, and let me do my stuff when needed.

Keepass already has a pretty flexible automatic password generator btw.

sure Mr. (0)

Anonymous Coward | more than 2 years ago | (#39091239)

"If you have something you want to keep secret, maybe you shouldn't be doing it" - go ahead and generate my passwords for me!

Not needed (3, Insightful)

scdeimos (632778) | more than 2 years ago | (#39091259)

Anyone who cares about having different passwords for different sites will already be using a password database manager such as KeePass. Most password database managers also have random password generators. This is Google's solution in search of a problem.

Re:Not needed (1)

St.Creed (853824) | more than 2 years ago | (#39091353)

A lot of people don't bother to download keepass and use it. This is a solution for people who otherwise wouldn't bother, so in that respect it would improve security.

Of course, only where the breakins involved password hacking. Most of the time it involves downloading malware.

Re:Not needed (1)

gbjbaanb (229885) | more than 2 years ago | (#39091771)

so integrate it - let Chrome generate passwords (using keepass' quite good generator) and store the resulting password (plus site info etc) into a keepass DB. Then you can also use the passwords in different browsers and back them up a lot easier.

how secure is that (1)

SuperDre (982372) | more than 2 years ago | (#39091501)

And how secure is having only openid to login into every website? Now they only have to hack into your openid account to get onto all those different websites, making it much easier for the hackers.... yeah Google, I understand why you want everybody to use your openid, so you can track them even better....

Is it too late to go short on Lastpass? (1)

mark_reh (2015546) | more than 2 years ago | (#39091515)

Is it?
