[security flaw] Ubuntu is a plain text offender

Ioannis Vranos ioannis.vranos at gmail.com
Tue May 24 17:33:52 UTC 2011


On Tue, May 24, 2011 at 8:01 PM, Kevin O'Gorman <kogorman at gmail.com> wrote:
>
> I have a different take on this.
>
> I have a list of my passwords. There are roughly 800 accounts on the
> list. The passwords are not all unique -- not even close, but fall
> into several categories. A few are completely unique, a few more are
> restricted to a specific kind of use, and the rest are reused to
> varying degrees.
>
> If I had 800 distinct passwords, it would be unlikely I could remember
> all of the passwords just for accounts that hold money or other
> negotiable assets, especially if they were random, and I would have to
> carry a written list of more bulk than I like, obfuscated or not. I
> would have to use the list regularly and risk both losing it and
> having it "shoulder surfed".
>
> A great many of the passwords are for things that do not worry me
> greatly. A break-in to a mailing list would for me be just a nuisance,
> for instance, as any harm would be just talk, and could be adequately
> addressed with more talk and a pw change.
>
> I am not going to reset the PWs on all 800 accounts any time soon,
> either. This has been going on for about 15 years. Many of the
> accounts likely are dead now for one reason or another, but I'm not
> going to even try them all any time soon either. Think about it.
>
> My point: match the effort and nuisance value of pw maintenance with
> the real sensitivity of the thing being protected. As our lives go
> increasingly online, there will be more people with 800 accounts or
> more of one kind or another. What's needed is a scalable system of pw
> management. A judgement call, of course, and preferences will differ.
> YMMV.


You can always keep your passwords in a text file (like an
OpenOffice/LibreOffice document), and back it up often, e.g. weekly.




-- 
Ioannis Vranos

http://www.cpp-software.net



