Gentoo Forums
The age of the password is over. We just haven’t realized it
pjp
Administrator

Joined: 16 Apr 2002
Posts: 16114
Location: Colorado

Posted: Sun Nov 18, 2012 5:37 pm    Post subject: The age of the password is over. We just haven’t realized it

The age of the password is over. We just haven’t realized it yet.
_________________
lolgov. 'cause where we're going, you don't have civil liberties.

In Loving Memory
1787 - 2008
John-Boy
Guru

Joined: 23 Jun 2004
Posts: 439
Location: Desperately seeking moksha in all the wrong places

Posted: Sun Nov 18, 2012 5:42 pm

Nothing to replace 'em, unless every site you use starts issuing RSA cards, and they're somewhat expensive as I understand.
_________________
It's later than you think
ichbinsisyphos
Guru

Joined: 08 Dec 2006
Posts: 547

Posted: Sun Nov 18, 2012 7:12 pm

Quote:
And to delay me from getting it back, they used my Apple account to wipe every one of my devices, my iPhone and iPad and MacBook, deleting all my messages and documents and every picture I’d ever taken of my 18-month-old daughter.
Huh? How does that work?

But apart from that I don't see how he says anything new or how time or technological progress has changed anything since 1993. Storing plain text passwords on servers is bad and these idiotic password-recovery-personal-questions are too; I have always filled them with random characters, even though I am not a celebrity with a public private life. Because, if you think of it, answered seriously, many of those questions have fewer answers and are easier to brute force than even the weakest passwords.

And I don't have any information online that I want to be protected, that I rely on to be protected. If you want to reset my online banking password I receive a new one in the mail. If it would be any other way I'd change my bank. You can of course break up my mail box on exactly the right day.

I also keep my "serious" and other more "playful" stuff strictly separated. You won't be able to find a link between my accounts on Facebook and my bank.
I do use the same username and password on several sites, not for the "serious" stuff though.

The risk that remains is that administrators I do trust (work, bank, ...) do something stupid like storing plaintext passwords or credit card numbers.
energyman76b
Advocate

Joined: 26 Mar 2003
Posts: 2031
Location: Germany

Posted: Sun Nov 18, 2012 8:54 pm

Quote:

Search for the word “bank” to figure out where you do your online banking. I go there and click on the Forgot Password? link. I get the password reset and log in to your account, which I control. Now I own your checking account as well as your email.


Maybe in stupid land, but not in Germany. And thanks to TAN generators, even if he got inside my bank account he would still be unable to do anything.

There are no 'forgot password' links. Every change has to be done by the local office.

Seriously, that guy? Idiot. They got from Twitter to Apple - how? Because he did something really stupid?
_________________
AidanJT wrote:

Libertardian denial of reality is wholly unimpressive and unconvincing, and simply serves to demonstrate what a bunch of delusional fools they all are.

Satan's got perfectly toned abs and rocks a c-cup.
John-Boy
Guru

Joined: 23 Jun 2004
Posts: 439
Location: Desperately seeking moksha in all the wrong places

Posted: Sun Nov 18, 2012 9:17 pm

energyman76b wrote:
There are no 'forgot password' links. Every change has to be done by the local office.


It's similar over here, although it's mostly phone based - but from recent experience, they want a blood sample before changing stuff.
_________________
It's later than you think
juniper
l33t

Joined: 22 Oct 2004
Posts: 758
Location: EU

Posted: Thu Nov 22, 2012 1:10 pm

My bank here (HSBC) has annoying 2-factor authentication. They send you this little calculator and every time you log in you have to generate a code with it. Thus, you would need to know the answer to my secret question (any moron could probably find that out) and you have to have the code generated by this machine.
energyman76b
Advocate

Joined: 26 Mar 2003
Posts: 2031
Location: Germany

Posted: Thu Nov 22, 2012 5:28 pm

PIN to log in (easy)

Debit card + TAN generator for everything besides looking at the current balance
_________________
AidanJT wrote:

Libertardian denial of reality is wholly unimpressive and unconvincing, and simply serves to demonstrate what a bunch of delusional fools they all are.

Satan's got perfectly toned abs and rocks a c-cup.
pjp
Administrator

Joined: 16 Apr 2002
Posts: 16114
Location: Colorado

Posted: Thu Nov 22, 2012 6:00 pm

juniper wrote:
My bank here (HSBC) has annoying 2-factor authentication. They send you this little calculator and every time you log in you have to generate a code with it. Thus, you would need to know the answer to my secret question (any moron could probably find that out) and you have to have the code generated by this machine.
I'd much rather have something like that than what we have currently, which seems to be an implementation of the FTP2TF protocol (Fail To Plan Plan To Fail). The weak password is of course your choice / fault.
_________________
lolgov. 'cause where we're going, you don't have civil liberties.

In Loving Memory
1787 - 2008
energyman76b
Advocate

Joined: 26 Mar 2003
Posts: 2031
Location: Germany

Posted: Thu Nov 22, 2012 6:19 pm

I am planning to use HBCI in the future. Can't be more secure than that.
_________________
AidanJT wrote:

Libertardian denial of reality is wholly unimpressive and unconvincing, and simply serves to demonstrate what a bunch of delusional fools they all are.

Satan's got perfectly toned abs and rocks a c-cup.
aidanjt
Veteran

Joined: 20 Feb 2005
Posts: 1102
Location: Rep. of Ireland

Posted: Thu Nov 22, 2012 6:22 pm

Nonsense. Password reset mechanisms are far more vulnerable than a decent complex password.
_________________
juniper wrote:
you experience political reality dilation when travelling at american political speeds. it's in einstein's formulas. it's not their fault.
All times are GMT