Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Are passwords even long enough?

On 7/2/2016 10:30 PM, IngeGNUe wrote:
> Given that this is the BLU ml, things like "spyware" don't apply to GNU
> Linux. I don't know anyone more careful than me with regard to password

You think not? I think you're wrong:

> management. My coworkers think I'm crazy when it comes to security. :) I
> think about all those same things you mentioned.

If you use a federated identity service like Google or Facebook then by
definition you reuse passwords across many sites.

> For example, I never reuse passwords and I never use anyone else's
> computer for logging into things. Especially not on a Winblows computer.
> I only trust Free software I get straight from distros, although Free
> software can have vulnerabilities sometimes. Even then, though,
> everything is carefully planned.

For certain values of "carefully planned":

> Still, there's always the chance that I could have slipped up at the
> wrong time and place. In particular, I used to have an Android with
> Gmail on it. So that was probably it. It was a Nexus too. (Dang!)

Or any of a plethora of applications which use Google's identity
provider. Games with on-line components practically require it.

Also sipdroid if you link a Google Voice account to a PBXes account, but
at least you can use an application password for sipdroid so you do not
expose your actual password.

> IMO, I think someday passwords are going to become obsolete.

Yet again, I think you're wrong. I'll be the first to admit that
passwords have always been a wrong way to manage user authentication.
Problem is, nobody's invented and deployed anything better. 2FA and 2SV
aren't replacements for passwords; they're supplementary passwords
themselves. They're semi-randomly changing passwords but they're still

We're stuck with passwords, in any of a number of forms, until someone
figures out a way to perform user authentication in a way that doesn't
rely on codes and phrases but does scale out indefinitely.

Rich P.

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /