 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
On 07/29/2013 05:08 PM, Tom Metro wrote: > I'm guessing the feature is underutilized not because it is viewed as > insecure, but because 1. developers just aren't aware of it, I was once working on a project for an embedded device and part of the layers of security was a client certificate that needed to be installed. It was only one part. > Sure, but which is an easier task: teaching grandma how to use Keepass > to shuttle credentials between two applications, or fixing flaws in > Firefox's security architecture (if any[1]) such that private keys are > held securely? Far easier and more secure to tell grandma to keep her passwords on paper. Nothing to teach beyond to note each site, and the username and password. Oh, and something about each password containing some parts that are truly random. Give grandma an attractive little notebook and a pair of dice. If the two of you want to get really fancy, have her work out a simple obfuscation that is applied to each written password. No need to swoop in in ten years when the security landscape changes and today's technical solution is no longer a good solution. Sometimes really good computer security components are really, really old technology. -kb
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
