Are passwords obsolete ?

Louis Mamakos louie at transsys.com
Sat Aug 30 10:24:05 CDT 2014 

I use randomly generated passwords of "reasonable" length, depending on the length 
that's accepted by the system in question.  I don't use the same password in more
than one place.

I don't type my passwords into computers that I don't own/operate.  I try not
to use reusable passwords, e.g., by using public key authentication with
SSH remote login sessions.  Of course, you can only really do this from a
somewhat trusted computer that you own.

I don't use Windoze.

I try to minimize the amount of personal information I disclose.  Who really needs to
know what your birthdate is? 

Facebook apps!  Ha!  Great way to completely steal your social graph and why I
get a whole new class of spam email messages from friends running some
crappy app.  On facebook, YOU are the product, not the other way around.

On occasion I'll use a browser or application in a virtual machine, and the restore
the snapshot afterwards.  This, especially if I'm forced to have to use some
sort of Windoze application or ActiveX thing in Internet Exploder.    When I
worked for Alcatel-Lucent a few years ago, their standard browser was IE6 and
some of their internal applications required it.  I had a Windoze XP virtual machine
on my Mac when I had to access those systems.

If you still use Windoze, and Internet Exploder, just stop it.  And there's no reason
why you should have any IE toolbars installed.   The amount of mischief these things
can do is remarkable. 

Don't just dismiss those SSL certificate warnings when they pop up.  People really
are trying to screw with you. 

Especially when using public WiFi, encrypted sessions are highly desirable.  Often
I bring up a VPN to a trusted endpoint somewhere else and run all my traffic over
that.  I run my own; if you don't want to, then look at these guys: http://witopia.net
I used to work with these guys at UUNET years ago, and have some level of trust.

louie
wa3ymh


On Aug 30, 2014, at 10:43 AM, Andre Kesteloot <akesteloot at gmail.com> wrote:

> so, Gentlemen of Erudition, what are your recommendations ?
> 
> 73
> André N4ICK
> 
> 
> On Fri, Aug 29, 2014 at 7:26 PM, Louis Mamakos <louie at transsys.com> wrote:
> 
> On Aug 29, 2014, at 7:01 PM, Rob Seastrom <rs at seastrom.com> wrote:
> 
> > You, the end user, of course have no control over the clue factor at
> > the various online services you may use, and you also don't know what
> > kind of baddies might work for that company to do some kind of inside
> > job, so re-using passwords across multiple services ought to be on
> > your "do not want" list.
> 
> And when you set or change your password at some web site, and they
> then send you a confirmation email WITH YOUR PASSWORD IN THE CLEAR, you
> can pretty much be sure the clue factor is non-existent.   Feh.
> 
> louie
> wa3ymh
> 
> _______________________________________________
> Tacos mailing list
> Tacos at amrad.org
> https://amrad.org/mailman/listinfo/tacos
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://amrad.org/pipermail/tacos/attachments/20140830/b2ef6416/attachment.html>

More information about the Tacos mailing list