funsec mailing list archives
Re: 1 in 3 workers write down passwords
From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Wed, 18 Oct 2006 14:39:03 -0400
On 10/18/06, coderman <coderman () gmail com> wrote:
On 10/17/06, Ron <iago () valhallalegends com> wrote: > ... > Hmm, I generally tout myself as a security guy, but I have to admit, > even I do that sometimes. agreed; once your password list gets long enough you need to do it. (i'm counting 27 high entropy passwords in my file, like a9@7.8X7&17Rd5#Dw) > Generally, when I'm given a password for a remote system that is > something like "7QbbBr2CqqS", I'll write the password, all by itself, on > a yellow sticky note and stick it to my monitor for a week or two, until > I feel like I've memorized it well enough to toss (fine, eat) the note. i don't even bother trying to memorize. instead i boot into a system with full disk encryption using a single good password/passphrase that i _can_ remember. that is where the text file with all the other passwords lives. (this system also contains all my authorized private ssh keys, which i prefer to passwords when possible)
I would at least use a keyring on top of having a txt file on an encrypted disk. Whole disk encryption is great and all, but its not a security buffer once you boot up. If someone can compromise the userland part of your workstation through the nic(via html, java, java script,, random OS/application flaw) the file is not encrypted to them. -JP _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- 1 in 3 workers write down passwords Dude VanWinkle (Oct 17)
- RE: 1 in 3 workers write down passwords Richard M. Smith (Oct 17)
- RE: 1 in 3 workers write down passwords Drsolly (Oct 17)
- RE: 1 in 3 workers write down passwords Richard M. Smith (Oct 17)
- RE: 1 in 3 workers write down passwords Drsolly (Oct 17)
- Re: 1 in 3 workers write down passwords Drsolly (Oct 17)
- Re: 1 in 3 workers write down passwords Dude VanWinkle (Oct 17)
- Re: 1 in 3 workers write down passwords Ron (Oct 17)
- Re: 1 in 3 workers write down passwords Dude VanWinkle (Oct 17)
- Re: 1 in 3 workers write down passwords coderman (Oct 18)
- Re: 1 in 3 workers write down passwords Dude VanWinkle (Oct 18)
- Re: 1 in 3 workers write down passwords coderman (Oct 18)
- RE: 1 in 3 workers write down passwords Richard M. Smith (Oct 17)
- <Possible follow-ups>
- RE: 1 in 3 workers write down passwords Toralv_Dirro (Oct 18)
- Re: 1 in 3 workers write down passwords Fergie (Oct 18)
- Re: 1 in 3 workers write down passwords coderman (Oct 18)
- Re: 1 in 3 workers write down passwords Brian Loe (Oct 18)
- Re: 1 in 3 workers write down passwords coderman (Oct 18)