[Discuss] Most common (or Most important) privacy leaks

Jerry Feldman gaf at blu.org
Sat Feb 21 08:04:06 EST 2015


On 02/18/2015 12:30 PM, Richard Pieri wrote:
> On 2/18/2015 11:20 AM, Bill Bogstad wrote:
>> And the same users are going to use "Four score ...." if you require
>> longer passwords, so you lose anyway.
>
> I did preface that with "[p]assword reform starts with...".
>
> Key chain managers can be a good next step. They allow the use of
> arbitrary, random gibberish as passwords in a way that users only need
> to remember one good password for unlocking the key chain. In essence
> they can do the same thing that heavy duty encryption systems do: they
> generate large random keys for actual encryption and encrypt these
> keys with user-provided passwords or passphrases. This way you can
> have strong passwords without any password reuse. Link a key chain
> manager to a trustworthy third party and you can have a robust
> password management system that is resistant to attacks.
>
One issue I had with SecurID years ago was that it required you to log
in within a certain amount of time. The number on the SecurID was hard
to read, and it would take me a couple of times before I was able to
type in the number and the PIN before the timeout. But, I would agree
that keychain managers are a viable solution.

-- 
Jerry Feldman <gaf at blu.org>
Boston Linux and Unix
PGP key id:B7F14F2F
PGP Key fingerprint: D937 A424 4836 E052 2E1B  8DC6 24D7 000F B7F1 4F2F
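
The key-wrapping scheme described in the quoted text (a large random key does the actual encryption, and only that key is encrypted under the user's passphrase), as an added example that is not part of either poster's message. All names and the iteration count are assumptions, and the standard-library XOR pad plus HMAC stands in for the AEAD key wrap (for example AES-GCM) a real key chain manager would use.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor for this sketch
SALT_LEN, KEY_LEN = 16, 32

def _derive(passphrase, salt):
    """Stretch the passphrase into a one-time wrapping pad and a MAC key."""
    okm = hashlib.pbkdf2_hmac("sha512", passphrase.encode(), salt, ITERATIONS, dklen=2 * KEY_LEN)
    return okm[:KEY_LEN], okm[KEY_LEN:]

def wrap_key(data_key, passphrase):
    """Return salt || wrapped key || tag. The fresh salt means the pad is never reused."""
    if len(data_key) != KEY_LEN:
        raise ValueError("data key must be 32 bytes")
    salt = secrets.token_bytes(SALT_LEN)
    pad, mac_key = _derive(passphrase, salt)
    wrapped = bytes(a ^ b for a, b in zip(data_key, pad))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return salt + wrapped + tag

def unwrap_key(blob, passphrase):
    """Recover the data key, rejecting a wrong passphrase or a modified blob."""
    salt, wrapped, tag = blob[:SALT_LEN], blob[SALT_LEN:SALT_LEN + KEY_LEN], blob[SALT_LEN + KEY_LEN:]
    pad, mac_key = _derive(passphrase, salt)
    expected = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or tampered key blob")
    return bytes(a ^ b for a, b in zip(wrapped, pad))

def change_passphrase(blob, old, new):
    """Re-wrap the same data key; entries encrypted under it need no re-encryption."""
    return wrap_key(unwrap_key(blob, old), new)

if __name__ == "__main__":
    data_key = secrets.token_bytes(KEY_LEN)  # the "large random key" that encrypts the vault
    blob = wrap_key(data_key, "constructed example passphrase")
    blob2 = change_passphrase(blob, "constructed example passphrase", "a new passphrase")
    print(unwrap_key(blob2, "a new passphrase") == data_key)
```

Because the passphrase protects only the 80-byte wrapped key, changing it never touches the stored passwords, and an attacker who copies the vault still has to pay the key-stretching cost for every passphrase guess.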
