
Leo smacks down CBS Morning News


G+_Anton Tanderup

I've been using LastPass ever since I found out about it from Leo! I'm now using up to 20-character randomly generated passwords wherever I can. I hate sites that don't allow secure passwords and try to stay away from those as much as possible.

Link to comment
Share on other sites

Leo Laporte You are exactly right and it is good that you brought this to the online community. BUT, I dunno if calling someone STUPID or IDIOTIC is the right approach. How about misguided or not informed and then contacting CBS or the person making these statements and correcting them? You have a lot of people following you and learning from you but I would bet there are some folks that have no clue who you are and instead believe everything CBS is telling them about security is true. It would be great for CBS to come out with a correction with you telling them the right way to be secure.

Link to comment
Share on other sites

You like LastPass Leo Laporte and that's great. For those that still want to manage their passwords by using long random strings where possible there is also:

 

1Password by Agile Bits

This is what I use for password management. Has what you would expect from a password manager. Also, instead of encrypted cloud storage services, 1Password uses an application and browser plug-ins for many major platforms. I am using an Android phone and a Mac computer and I have not had any problems. It is available for most major platforms. The exceptions being Linux and all mobile OSes but Android and iOS.

 

1Password also has the ability to store "Wallet" information, secure notes (I use this a bunch for securely storing client server credentials), software keys, and separate "identities".

 

The one downside for less technical users is that you manage your sharing yourself instead of having a cloud solution to do this. Less easy, but more secure.

https://agilebits.com/onepassword

 

Another solution is the Open Source Project

KeePass

Although KeePass doesn't have all the bells and whistles of 1Password (or maybe LastPass, I haven't tried it) it is a very robust password manager with everything one needs to keep their online everything secure. Also between official and unofficial releases there is a version or bridge for many, many platforms including many flavors of Linux, BlackBerry, J2EE Mobile devices, and all the majors you would expect. And of course because it is open source, the price is right at FREE!

 

The downside of KeePass is that it is not as elegant as other solutions, and requires a higher technical knowledge to keep rolling. There is no support but forum support.

http://keepass.info/

 

Sorry to be all pluggy, but I assure you I have nothing to do with either of these efforts. I have had far too many of my friends complain to me about how their security was breached, or stuff of theirs was stolen even after we discussed the importance of multiple secure passwords and password management.

 

I even know one person who writes all of their passwords down in a little booklet and totes that around with them (cringe).

Link to comment
Share on other sites

I disagree with the contention that managing your own sharing with 1Password is "more secure" than LastPass. There is going to be an encrypted password file in one or several places no matter what. LastPass is doing all the right things to protect that file, and is less likely to make mistakes in doing so than Joe Public. If my password file was compromised on one of my systems or in some other cloud storage, I might not become aware of it until too late. Back in May 2011, LastPass merely suspected some data was exfiltrated from their servers, and notified all users of this and required a master password change. Some even accused them of overreacting.

No disrespect to 1Password, it is certainly an option to be considered, but not everyone is willing to, or even capable of, maintaining a high degree of security when moving these files about. The other downside of 1Password is cost. $50 vs. free or $12/yr for LastPass Premium.

Link to comment
Share on other sites

This comedienne's poor attempt at humour should not be taken seriously even if it puts back efforts to educate computer owners and data sharers about the responsibility they have for keeping themselves secure.

 

She talked about security theatre and I have seen this also. Efforts to appear secure which are not really all that secure. My bank has two factor entry and it works really well. But the actual password part of it is very simple and easy to work out. I sometimes do government consulting and I could tell horror stories.

 

I think Leo did well to de-bunk what was being said. He does this service for the tech reading community all the time. I would say his brand of humour matches mine more closely than the woman he is making fun of. But let's not deny the possibilities for humour after recent events with large data aggregator companies; which have revealed some interesting new social behaviours with regard to "the most popular passwords" stories.

 

I think it's quite alright for this stand up comic to make fun of the problem and to appear quite uninformed about it. It's what makes comics funny. They purport not to handle life very well.

 

Perhaps it would be possible for Leo to invite her to be a guest on Triangulation and go deeper into her style of humour and how much of it taps the tech news or tech community or social networks use. This, I think, is similar to part of Louis C.K.'s routine where he rails about cellphone users on airplanes (which always makes me laugh).

 

I think if we were to listen to her entire bit – without Leo's parsing it out – we might actually get the joke. But I won't call it a good one.

Link to comment
Share on other sites

Chris Holt: Yeah, I guess it all depends on how you are using it. People should do what's best for their particular workflow. In my case it certainly is more secure because it is on two devices, both owned by me to the root level. Additionally, all sync actions happen behind a physical firewall and do not reach any public networks unless I specifically say so, and even then it is via a VPN tunnel.

 

That's before the data is even encrypted. Which like you said happens either way.

 

And that is awesome that you feel comfortable trusting that the people handling your data are doing the right thing. They probably are. I've never met them.

 

As far as the cost. Yes, $12/yr is cheap. That's for sure.

 

Edit: Thought LastPass was $12/mo. not $12/yr.

Link to comment
Share on other sites

Leo went off the handle on this video but didn't even listen to what she actually said. At no point does she say that passwords should NOT be unique.

 

Here's a page with the video and transcript: http://www.cbsnews.com/8301-3445_162-57563689/a-word-for-the-password-weary/

She doesn't say "here is what you should do." She says, "There are many suggestions for creating a hacker-evading password" and all of the things she mentions are suggestions that people have actually said. They may be bad or wrong but she is not saying to do them.

 

Leo also said that "no one calls passwords security theater" then why is it that a search for password "security theater" finds tons of hits? https://www.google.com/search?q=passwords+%22security+theater%22 (many of them saying that passwords are NOT security theater but still they wouldn't need to say that it isn't true if someone wasn't saying it was, would they?)

Link to comment
Share on other sites

Bryan-Mitchell Young Leo listened to what she was saying, and he was spot on. What she said was grossly misguided. She may have only been repeating info she heard, but that's just as bad, if not worse than initially saying it. She had the time to research her findings, but she didn't, or she did a horrible job of it... and she regurgitated bad info to the masses.

I think you are nitpicking Leo. Bottom line is, he is 100% right about the need for very secure and hard to crack passwords, and she is 100% wrong about her suggestion that secure passwords are a hassle and not as necessary as some say.

Link to comment
Share on other sites

Curt Price

 No, Leo was not spot on. Leo was spot on about password security but not about what the CBS Sunday Morning commentator was saying. What exactly did she actually say that was misguided? She said people suggested doing things. Is that not true? Have people not suggested those things for making passwords? Is it not true that secure passwords are a hassle?

 

When did she say that secure passwords are not necessary? She said that some people say they aren't effective, which is what some people have said. She did not say they weren't necessary.

Link to comment
Share on other sites
