password caching issues

Mike G.

19 Apr, 2017 04:44 PM

This comment was split from the discussion: Storing keys in Mac Keychain Access

Steve,

Your answers have been very helpful, thanks.

1) Any update on resolving the password cache issue? . . . I've set mine for 12000 seconds (20 minutes), but it definitely still pops up asking for my password again. (For some reason I don't want to store the password in my Mac OS Keychain.)

2) Could you say a bit more about why you don't recommend a web-based password manager? I currently use LastPass, and I know there was a hack recently, but my understanding is that all the master passwords are hashed.

3) Given that your security precautions include not using web based password managers, what are your thoughts about Mac OS Keychain? I've read a bit that makes it sound secure . . . but I just don't like the idea of Apple 'having' my PGP master password (I know they say they can't see it).

Thanks!

Mike

  1. Support Staff 1 Posted by Steve on 19 Apr, 2017 05:24 PM

    Mike, I have split your comment into a separate discussion.

    I'll try to answer your questions:

    1) Can you give more details on the scenario you are referring to? When you say you set a caching time, have you entered the password so that it resides in the cache for the given time? The fact that you may be asked for your password twice is expected, since signing and decryption may be done using different parts of your key. Once you have entered the password (once or twice), the caching should indeed work as expected. Is that not the case for you?

    2) LastPass has received some attention from Tavis Ormandy from the Google Project Zero team recently. E.g. https://twitter.com/taviso/status/843965519371812864 etc. So it may be a good idea to keep an eye on that and which of the issues are fixed and which remain open.

    3) I answered that part in Discussion #50834 which is about the security of macOS keychain.

    I hope this somewhat answers your questions. Let me know how the caching experiments go.

    All the best,
    steve

  2. 2 Posted by Mike G. on 20 Apr, 2017 03:14 AM

    Hi Steve,

    Thanks for responding to my questions.

    I set the "remember my password" length in gpgPreferences.prefPane for 1200 seconds (see attached image of my settings). I have to enter my password much more than twice, and certainly nothing is remembered for 12000 seconds. So, yes, it is the case for me that the caching is not working.

    Thanks for the LastPass and macOS keychain resources!

    Mike

  3. Support Staff 3 Posted by Steve on 20 Apr, 2017 11:14 AM

    Should you be available, could you hop on our live chat here:
    https://www.hipchat.com/gi8zHW4K3

  4. 4 Posted by Mike G. on 20 Apr, 2017 05:09 PM

    Hi Steve,

    I'm at work and don't have my Mac here, unfortunately. Hope we can chat soon.

    Are you on West Coast time, perchance? If so, I could chat after I get off work, as I'm two hours ahead of you.

    Thanks,

    Mike

    Sent on the move
