MotazArshiedFirstEssay 9 - 25 Nov 2019 - Main.EbenMoglen
< < | It is strongly recommended that you include your outline in the body of your essay by using the outline as section titles. The headings below are there to remind you how section and subsection titles are formatted. | | How I Enslaved Myself With Google's Passwords Manager | | Because of the master password idea of passwords manager, if the database is insecure, then all the "advantages" that come with it are wasted and from what I have researched, Google's passwords manager is far from secure. Untrue to their own claim that passwords manager stores the info in Google's servers, Chrome actually stores this info in a SQLite database file in the user profile directory. By my amateur understanding, the SQLite database is a self-contained, server-less, zero-configuration, transactional SQL database engine and its code is in the public domain and is thus free for use for any purpose, commercial or private. Even a non-programmer lawyer like me can sense that this is neither safe nor secure. | |
> > |
Actually, this is not a security problem. SQLite is free software that is in everything, as you might expect. You got the feature description from the website, so you see that it's a component that helps all sorts of software systems by providing basic database functionality that is strong and in all senses free. But the places.sqlite database managed by your browser (by pretty much all browsers, in fact) doesn't have the decryption key for your passwords in it. The passwords are stored in encrypted form in the database SQLite manages: "attacking" the database cannot compromise the password.
| | Thus potentially, any user to this database file can make modifications and access my personal data.
This idea of convenience that I unreluctantly enslaved myself for has exposed not only my private emails, conversations, files, etc. to outside threats, but also my very own property, especially my financial assets. Currently, these financial assets surround around my tuition payment and as a student sponsored by a full scholarship, who's in charge of utilizing the sum granted towards academic-financial duties, I became terrified. The claws of anyone smart enough to hack Chrome's database can reach the throat of all of my achievements, regardless of how much Chrome is trying to reassure me that my information has not been compromised. | | The second-second thought I had was to disconnect from most of these platforms entirely. The fear of missing out is truly real when it comes to social media but is it too naive to think that if one maintains his desirable relationships steadily instead of superficially liking and commenting virtually, the FOMO would be neutralized?
On the other hand, there are some services I most likely won't (and can't) disconnect from (Faculty services, financial apps and Twiki for example), which leads me to think that these kinds of passwords for these platforms will have to be stored manually by me. | |
> > | So you might want to
think a little bit about how to make memorable and more secure
passphrases than the "one letter in each case, one number, one
punctuation mark" nonsense people are mostly taught to follow.
Investigate passphrases. Find an XKCD cartoon on the subject, which
will prove memorable for you and introduce you to XKCD. That will
help you figure out what best practices really are, and when you are using them, your security will immediately improve.
| |
You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. |
This site is powered by the TWiki collaboration platform. All material on this collaboration platform is the property of the contributing authors. All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.