Security of ssh key passphrases - i.e. where to save them?

Colin Law clanlaw at gmail.com
Sun Aug 18 14:45:43 UTC 2024 

On Sun, 18 Aug 2024 at 15:24, Ralf Mardorf via ubuntu-users
<ubuntu-users at lists.ubuntu.com> wrote:
>
> 2. It is not possible to gain access to a user or root account on my
> computer with those passwords. These are always passwords from mailing
> lists, bug trackers or similar accounts.

That was not clear to me from your previous posts.  Yes, of course,
accounts on external systems are regularly hacked, but that is not an
issue with SSL or how one stores one's passwords.  Even then, though,
I have never had an email containing any of the passwords from hacked
systems

>
> 3. I receive blackmail or other spam, not a huge amount, but some mails
> a day, usually without a password. A lot of mailing list emails are
> filtered by Yahoo and Co, hence I don't receive them. At the moment I
> only receive my own mails via Ubuntu users, while all other mails, like
> your reply are are being held back. IOW spam filtering isn't perfect.
> You are the first one I heard of, who is lucky with perfect spam
> filtering.

Of course I get lots of spam, including blackmail scam, though most of
it is filtered by my mail server.  As I said, though, I have never had
one containing any of my passwords.

>
> I tried to log in the Yahoo account. My password is correct, I have made
> ticks at zebra crossings, motorbikes and buses, but I don't receive the
> "security confirmation mail" by another email account. Those mails are
> even not in the spam folder of this account.
>
> Without going into further details, if you summarise this and other
> facts (I try to keep it short), it looks more likely that the weak point
> is not mine. The weak points obviously lie elsewhere.
>
> Of course, it's easy to write a flippant sentence like that, saying that
> if it's the way it is, then it must be because of me. But that doesn't
> do justice to the realities of security issues.

My flippant sentence was in response to your statement that you
regularly receive spam containing your passwords, I thought you meant
important ones, now I see that you just mean ones that you used on
external systems then I withdraw the suggestion.

On your Yahoo problem do they not supply emergency access codes for
times when your normal 2FA access cannot be used for some reason?

Colin L.

More information about the ubuntu-users mailing list