[Discuss] can one safely login multiple times to the same user on a modern Linux desktop?
Dan Ritter
dsr at randomstring.org
Thu Sep 6 10:30:56 EDT 2012
On Thu, Sep 06, 2012 at 10:23:58AM -0400, John Abreau wrote:
> On Thu, Sep 6, 2012 at 10:17 AM, Edward Ned Harvey (blu)
> <blu at nedharvey.com> wrote:
>
> > Why is this a discussion? Why wouldn't you just lock the screen, or suspend/resume a remote session, rather than killing everything?
> >
> > I know I lock my screen every time I walk away. At work it's important for security because I've got all my root and admin sessions open, password lists, etc. At home, it's important, because my 3-yr old daughter loves to press buttons and things.
> >
>
>
> Earlier in the thread, someone asserted that locking the screen was
> not good enough, and that completely logging out every time you walk
> away from the computer was the One True Faith.
It depends on your threat profile.
If you are in an insecure area with a high value target, you
must take the computer with you every time you leave. Example:
airport, transit terminal, shared office space with people you
do not trust.
(Threats: Physical theft. Hardware alteration with a keylogger or
malicious bootloader. Cryogenic RAM preservation.)
If you are in a generally secure area and do not have a target
sign painted on your back, locking the screen is probably good
enough even for overnight or over-weekend. E.g.: most office
spaces without frequent visitors.
For a particularly low-value target, like my living room PC, you
could reasonably use a screensaver and no password at all.
-dsr-
More information about the Discuss
mailing list