[153597] in North American Network Operators' Group
Re: Password Safes
daemon@ATHENA.MIT.EDU (Michael Thomas)
Fri Jun 8 17:07:06 2012
Date: Fri, 08 Jun 2012 14:06:25 -0700
From: Michael Thomas <mike@mtcc.com>
To: Lyndon Nerenberg <lyndon@orthanc.ca>
In-Reply-To: <B9E8AB39-167C-4401-88FF-6057161F49A6@orthanc.ca>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 06/08/2012 02:01 PM, Lyndon Nerenberg wrote:
> On 2012-06-08, at 1:41 PM, Michael Thomas wrote:
>
>> I run a website. If it can change it on mine, I'd like to understand
>> how it manages to do that.
> I log in to your website, change my password, and the software picks up that I've changed the password and updates the safe accordingly. The software doesn't initiate the password change, it just notices it and updates its database accordingly. Sorry, I should have explained that more clearly.
>
> If you have a Mac or a Windows box, download the 1Password 30 day trail and take it for a run. It really is a useful bit of software. No, it doesn't work on my *BSD, Solaris, or Plan 9 machines. But it does sync across all my Mac, Windows, and Android gear, and the Android client lets me pull up passwords on my phone when I'm on one of the systems that doesn't have a native 1Password client, or when I am on the road.
>
Ah, ok. Still Linkedin's contention that I should log in to every account
that I've created and change the password is still silly -- nobody's going
to do that.
That said, if there were a standardized way to get these password vault
software -- or whatever else wanted to manage them -- to do key refresh,
I'd be happy to implement it for my site. To my knowledge, such a protocol
does not exist.
Mike
