[kwlug-disc] Heartbleed affected sites

Nick Guenther nguenthe at uwaterloo.ca
Tue Apr 15 16:37:45 EDT 2014


unsolicited <unsolicited at swiz.ca> wrote:
>Well said.
>
>Well, except for:
>
>Use a password manager - what if there isn't one? e.g. SSH signons? And
>
>in the lack of the password manager, you're back to square one. I take 
>your point, however, using one where you can will decrease the size of 
>the set. Except, how to keep disparate password managers in sync?

I'm jumping in without reading the whole thread first, but this
situation is exactly what hashapass.com and pwdhash.com solve: instead
of having a manager record things for you, you remember an algorithm,
key, and a master password. The passwords don't travel over the network
and there's no syncing or centralized server to rely on.

in a pinch you can go to http://hashapass.com (so long as that site
survives (and isn't MITM'd by anyone). Better, if you have a smartphone
you can save http://hashapass.com/en/phone.html (including the
javascript!) and make a bookmark to the local copy.
And for *nix (both sh and X) I've written a slick implementation:
https://github.com/kousu/hashapass which I would appreciate feedback on
if anyone uses it.

It's no two-factor authentication, but it works with accounts you have
right now.




More information about the kwlug-disc mailing list