worldbank / dime-standards

Repository with resources for DIME's research standards and coding standards

Suggested updates to data security guidelines #3

Open MRuzzante opened 4 years ago

MRuzzante commented 4 years ago

Following up on the bootcamp, there are a couple of things in https://github.com/worldbank/dime-standards/blob/master/dime-research-standards/pillar-4-data-security/data-security-resources/password-manager-guidelines.md you guys could update.

Also, in https://github.com/worldbank/dime-standards/blob/master/dime-research-standards/pillar-4-data-security/data-security-resources/veracrypt-guidelines.md, before point 8., you could include the recommended Encryption Options to use:

image

Finally, it would be nice to have some guidelines on how to tailor the iefolder-like master do-files to point to the VeraCrypt volume and prompt the user to mount it any time she runs a do-file containing encrypted data.

Cheers!


Edit (3/13) by @kbjarkefur: This does not happen in the browser extension, but on lastpass.com

I couldn't see the Remember Password button in LastPass, but I was asked by Google Chrome if I wanted to "save my password for this site", so perhaps you can mention this as something to always avoid by picking "Never".

kbjarkefur commented 4 years ago

Thanks for all of this feedback. All good points!

I am surprised that LastPass does not ask you to remember the password. Are you looking at the LastPass browser extension or at lastpass.com in your browser? Your VeraCrypt point came up yesterday and it was due to us having a slightly older version of VeraCrypt, but the LastPass web extension I re-installed recently.

Will add a note about that regarding LastPass emergency access. You can do your own version of this by sharing your master password in a secure password item to the person you trust instead.

Your point about Google Chrome remembering passwords is important and we missed that. Thanks!

It is likely that there will be several resources we need to update to accommodate these new recommendations. iefolder is definitely one of them. We already got feedback from you guys that we will work into those recommendations. No matter how much we test something, we will always learn new things when we make 40 people repeat our instructions.

MRuzzante commented 4 years ago

You are right, @kbjarkefur! Was looking at https://lastpass.com/?ac=1&lpnorefresh=1, which is interestingly different from the browser extension...

Anyway, the materials were great and looking forward to seeing this embedded in the DIME data workflow.