[security flaw] Ubuntu is a plain text offender
Ioannis Vranos
ioannis.vranos at gmail.com
Mon May 23 16:00:41 UTC 2011
On Mon, May 23, 2011 at 6:14 PM, Kent Borg <kentborg at borg.org> wrote:
>
> I am never bothered when a mailing list sends me a plaintext password.
>
> But *I* do something Extremely Radical: I don't reuse passwords.
>
> If a mailing list password of mine gets out it is only a mailing list
> password.
>
> Reusing passwords is too scary. Somehow the idea of having just one (or a
> small number) of keys to my life and casually handing out copies to anyone
> who asks seems really stupid. How do I know what they are going to do with
> it?
>
> Write down your passwords. Yup. Write them down. Keep a list, obscure things
> a little in the list, but keep a list. Put it in your wallet, keep an
> updated copy someplace else. If someone steals your wallet you will probably
> notice it and you will be able to go change passwords before the thief
> figures out your obscuring scheme.
>
> But when you reuse a password and one of the various sites is broken into,
> first you won't know it was broken into, second, even if you did get
> notified...how would you ever know what other sites you used that password
> on if you don't keep a list?
>
> Yes, it is better for mail reflectors to not send out plaintext passwords,
> but it wouldn't matter much if you didn't reuse passwords.
I agree with the above. apg is a very good program for generating passwords.
--
Ioannis Vranos
http://www.cpp-software.net
More information about the ubuntu-users
mailing list