JohnB in Atlanta

Can you find any documentation with your laptop, or on the websites of either your laptop manufacturer or digitalPersona, which specifies what it is looking for to identify a "logon screen?" If we know that and can get a guess of how old a version of PWSafe you were using, it might be possible to determine what's happening.

Raven: It is truly the case for any password manager. But using a plaintext file is throwing the baby out with the bathwater. What I believe these other posters are trying to suggest is that: A) Defense in depth is a rational approach. How much depth is a function of the sensitivity of your information, the environment you operate in, and how paranoid (sorry, how security conscious) the user is. A missionary operating in a country they're not supposed to be in has different security requirements...

Raven: It is truly the case for any password manager. But using a plaintext file is throwing the baby out with the bathwater. What these other posters are trying to suggest is that: A) Defense in depth is a rational approach. How much depth is a function of the sensitivity of your information, the environment you operate in, and how paranoid (sorry, how security conscious) the user is. A missionary operating in a country they're not supposed to be in has different security requirements from a homemaker...

Upon further consideration, thanks to drew-e's insightful comments and Rony's suggestion, I recant my previous position and think an optional strength checker would be a good idea. I read up on zxcvbn, and it seems a fine candidate for this. [See zxcvbn, and also https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/wheeler ] We'd certainly want to have some intelligence (as zxcvbn apparently does) and not just blindly calculate some abstract entropy measure. The user...

Upon further consideration, thanks to drew-e's insightful comments and Rony's suggestion, I recant my previous position and think an optional strength checker would be a good idea. I read up on zxcvbn, and it seems a fine candidate for this. [See zxcvbn, and also https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/wheeler ] We'd certainly want to have some intelligence (as zxcvbn apparently does) and not just blindly calculate some abstract entropy measure. The user...

Upon further consideration, thanks to drew-e's insightful comments and Rony's suggestion, I recant my previous position and think an optional strength checker would be a good idea. I read up on zxcvbn, and it seems a fine candidate for this. [See zxcvbn, and also https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/wheeler ] We'd certainly want to have some intelligence (as zxcvbn apparently does) and not just blindly calculate some abstract entropy measure. The user...

Also, consider reading: https://www.grc.com/haystack.htm Some other useful commentary, and VERY useful links at the end of the discussion. I don't completely agree with Steve Gibson on this, and I fear that most users won't understand what his tool actually tells you (thus, not a good candidate for us). But still useful reading.

Upon further consideration, thanks to drew-e's insightful comments and Rony's suggestion, I recant my previous position and think an optional strength checker would be a good idea. I read up on zxcvbn, and it seems a fine candidate for this. [See zxcvbn, and also https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/wheeler ] We'd certainly want to have some intelligence (as zxcvbn apparently does) and not just blindly calculate some abstract entropy measure. The user...