Prev: /dev/sdb1 partition not created
Next: Replace string without sed/regex
From: The Natural Philosopher on 18 Jun 2010 17:35
Kenny McCormack wrote:
> In article <877hlwutaq.fsf(a)thumper.dhh.gt.org>,
> John Hasler <jhasler(a)newsguy.com> wrote:
>> Kenny McCormack writes:
>>> ...and the point of storing them with your credit cards is a good one
>>> - right up until someone steals your wallet...
>> What are the chances that they will figure out what the passwords are
>> for and use them before you discover that your wallet is missing and
>> change them?
>
> Ya know - I hoped that'd would be clear enough as I wrote it, but then
> again, this is Usenet, where you have to make everything 100000% clear,
> or someone will find a way to misinterpret.
>
> Obviously, the guy who steals your wallet doesn't give a flip about your
> passwords - he probably doesn't even care about your credit cards. He
> just takes the cash and goes and buys drugs with it.
>
> The point is that *you* are greatly inconvenienced by losing all your
> passwords (since, by assumption, you haven't even tried to memorize them
> - that was the whole point of keeping the slips of paper).
>
Indeed. cost me £500 to change the locks on the car..only to find the
old keys 6 months later tossed in the hedge..

From: John Hasler on 18 Jun 2010 18:43
Kenny McCormack writes:
> Obviously, the guy who steals your wallet doesn't give a flip about
> your passwords - he probably doesn't even care about your credit
> cards. He just takes the cash and goes and buys drugs with it.

Sorry. I have seen "someone might steal your wallet and get your
passwords" explicitly used as a serious argument against my suggestion,
though those using this argument have never produced an example of a
security breach so caused.

Of course, if most people _did_ carry a little black book full of
passwords it would be one of the things a pickpocket would know to sell,
but it wouldn't bring much since it would usually become useless within
hours.

> The point is that *you* are greatly inconvenienced by losing all your
> passwords (since, by assumption, you haven't even tried to memorize
> them - that was the whole point of keeping the slips of paper).

Only if you have failed to store away a backup copy. But is your wallet
stolen so frequently that this is a serious problem? Mine's been stolen
once in the fifty or so years I've been carrying one.
--
John Hasler
jhasler(a)newsguy.com
Dancing Horse Hill
Elmwood, WI USA
From: jellybean stonerfish on 19 Jun 2010 18:25
On Fri, 18 Jun 2010 19:56:53 +0000, Kenny McCormack wrote:

> In article <877hlwutaq.fsf(a)thumper.dhh.gt.org>, John Hasler
> <jhasler(a)newsguy.com> wrote:
>>Kenny McCormack writes:
>>> ...and the point of storing them with your credit cards is a good one
>>> - right up until someone steals your wallet...
>>
>>What are the chances that they will figure out what the passwords are
>>for and use them before you discover that your wallet is missing and
>>change them?
>
> Ya know - I hoped that'd would be clear enough as I wrote it, but then
> again, this is Usenet, where you have to make everything 100000% clear,
> or someone will find a way to misinterpret.
>
> Obviously, the guy who steals your wallet doesn't give a flip about your
> passwords - he probably doesn't even care about your credit cards. He
> just takes the cash and goes and buys drugs with it.
>
> The point is that *you* are greatly inconvenienced by losing all your
> passwords (since, by assumption, you haven't even tried to memorize them
> - that was the whole point of keeping the slips of paper).

The point is, you can generate many passwords, and with a bit of planning
and work while creating them, you won't need to write them down to
remember them. The memory is built on ideas rather than trying to
memorize random characters or words.




From: unruh on 20 Jun 2010 04:19
On 2010-06-18, John Hasler <jhasler(a)newsguy.com> wrote:
> Kenny McCormack writes:
>> You and I might just be able to handle what you suggest above, but
>> normal users? No way.
>
> Right. So the thing for "normal users" to do is use a seperate strong
> password (i.e., one generated by software, not by them) for each
> seperate purpose and _write it down_. That's right, _write it down_ and
> keep the written record in a safe place such as in their wallets with
> their credit cards. The constant admonition to never write down a
> password is idiotic. It is primarily responsible for the very common
> practice of using a single easily-guessed password everywhere.

As always it depends ont he attack model. I you are working at a top
security installation where strangers come wandering around, having your
passwords written down on you monitor is a bad idea. If you live in your
own flat and trust your wife, it might not be so bad. If the attcke
comes from the internet, then the writing on your monitor is far more
secure than storing it in a file.
From: Kenny McCormack on 20 Jun 2010 09:22
In article <slrni1rjp1.vd3.unruh(a)wormhole.physics.ubc.ca>,
unruh <unruh(a)wormhole.physics.ubc.ca> wrote:
....
>As always it depends ont he attack model. I you are working at a top
>security installation where strangers come wandering around, having your
>passwords written down on you monitor is a bad idea.

Nobody said anything about wrtten on your monitor. We are talking about
storing them in your wallet.

--
Just for a change of pace, this sig is *not* an obscure reference to
comp.lang.c...

First  |  Prev  |  Next  |  Last
Pages: 1 2 3 4
Prev: /dev/sdb1 partition not created
Next: Replace string without sed/regex