Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month, online, via Jitsi Meet.

BLU Discuss list archive



[Discuss] Are passwords even long enough?



On 7/7/2016 8:07 PM, IngeGNUe wrote:
> But that means you're considering whether one of Google's sites are
> compromised, which is something I thought we had written off as
> improbable. It's not like I'm using a Google account to log in to a
> Bookface.net website or whatever.

Comodo issuing fraudulent Google certificates qualifies as "Google's
sites are compromised".


> Or does Google rely on some other site to host, for example, YouTube?
> Are you saying that their whole one-google-account-for-all-google-sites
> is bad security? Because, that's what Google Apps (not talking about
> Android) is.

It's a truism that password reuse is a problem. If you reuse passwords
then compromise of one server/service means compromise of many
servers/services.

Single sign on subsumes one password for many servers/services.

Therefore yes, what Google Apps does is bad security.


> Alright, but that's the whole using a Google Account to log in to
> Headdesk.com. I mean, if there's a federated login service for Google
> Accounts, this is the first I've heard of it / I've never heard of it.

Google, Facebook, Microsoft and Yahoo all provide federated identity
services for third parties. Others do, too, but those are probably the
biggest names globally.

Now you've heard of it.


> Another thing, related to endpoint security, is the mail client. They
> say it's good enough to have SSL with POP/IMAP but then again, I don't
> have much faith in the way SSL is implemented. Then again, I don't know
> how much faith I *should* have in it.

None.

-- 
Rich P.



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org