Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive



[Discuss] Are passwords even long enough?



On 7/2/2016 10:30 PM, IngeGNUe wrote:
> Given that this is the BLU ml, things like "spyware" don't apply to GNU
> Linux. I don't know anyone more careful than me with regard to password

You think not? I think you're wrong:
https://en.wikipedia.org/wiki/Linux_malware

> management. My coworkers think I'm crazy when it comes to security. :) I
> think about all those same things you mentioned.

If you use a federated identity service like Google or Facebook then by
definition you reuse passwords across many sites.

> For example, I never reuse passwords and I never use anyone else's
> computer for logging into things. Especially not on a Winblows computer.
> I only trust Free software I get straight from distros, although Free
> software can have vulnerabilities sometimes. Even then, though,
> everything is carefully planned.

For certain values of "carefully planned":
http://www.howtogeek.com/126995/how-to-disable-the-amazon-search-ads-in-ubuntus-unity-dash/

> Still, there's always the chance that I could have slipped up at the
> wrong time and place. In particular, I used to have an Android with
> Gmail on it. So that was probably it. It was a Nexus too. (Dang!)

Or any of a plethora of applications which use Google's identity
provider. Games with on-line components practically require it.

Also sipdroid if you link a Google Voice account to a PBXes account, but
at least you can use an application password for sipdroid so you do not
expose your actual password.


> IMO, I think someday passwords are going to become obsolete.

Yet again, I think you're wrong. I'll be the first to admit that
passwords have always been a wrong way to manage user authentication.
Problem is, nobody's invented and deployed anything better. 2FA and 2SV
aren't replacements for passwords; they're supplementary passwords
themselves. They're semi-randomly changing passwords but they're still
passwords.

We're stuck with passwords, in any of a number of forms, until someone
figures out a way to perform user authentication in a way that doesn't
rely on codes and phrases but does scale out indefinitely.

-- 
Rich P.



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org