Discord Channel

1 year 3 months ago #63097 by XaltatunOfAcheron
XaltatunOfAcheron replied the topic: Discord Channel

Kettlekorn wrote: Do you also individually lock your china hutch, entertainment center, and pantry so that you don't have to lock your house?


Tisk. Defense in depth and diversity of defense are two of the major security design considerations for secure software. Think of it this way: you keep the brush trimmed back around your fortress so people can't sneak up on you. You supply your moat with a generous quantity of piraña. Your portcullis is always supplied with boiling oil. And if that fails, the last check is the most vicious sergeant you can find to check ID.
The following user(s) said Thank You: Mister D

1 year 3 months ago - 1 year 3 months ago #63100 by Sir Lee
Sir Lee replied the topic: Discord Channel
Re not using a password manager being more "secure"... how many passwords do you have? I have a lot, probably in excess of 100. There are websites that I visit only once or twice a year, but nevertheless they require a registration and a password in order to do anything useful in them.
With that many passwords, here are the possible strategies:
1. Reuse passwords. Bad idea. No, scratch that: terrible idea.
2. Use some sort of federated authentication, such as Facebook/Google logins. That amounts to the same as using a password manager, except that you are giving up even more of your privacy to the most notorious snoops online. And stealing accounts is hardly unheard of, so if someone steals your Facebook account, there go all your logins with it. Also, that solves only maybe... 30% of the problem? Most sites don't use federated logins.
3. Keep all your passwords in a notebook. I have seen this approach. It's a mess, and the day you need to find out what's, say, your Skype password, you have to figure out which of the seven passwords (four of them scratched out), in three different pages, is the right one. Hint: it's the one you wrote with the notebook upside down, in the inside back cover, in a 9H pencil, with the word "skype" NOWHERE NEAR IT. And your handwriting makes it hard to tell "0" from "O", "1" from "I", "a" from "@" and capitals from lowercase. Also, you can never find the notebook when you need it, because your 3-year-old daughter doodled something in it and took it (including all your important banking passwords) to her friend's house to show it off.
4. Use a MS Word doc (named "Passwords") to keep your passwords. A bit more organized than the above, but well... are you TRYING to make hackers' and identity thieves' lives easier, putting all your passwords in a machine-readable, unencrypted file?
5. Use your browser built-in password manager *without* a master password. See #4 above.
6. Use your browser built-in password manager with a master password. Well, this is not so bad. The security is hardly top-notch, but it works, sort of, most of the time. Most of them do cloud syncing between your PC and your cell phone, so you have a backup. And you have just one password to memorize. The major limitation is that it's not very useful for storing passwords that are *not* for websites.
7. Use a dedicated password manager with strong encryption. You have a choice between a cloud service (easy syncing, backups included, but involves placing a lot of trust in the company) or an offline one such as KeePass (no trusting third parties, but you have to set up your own system for backup and syncing).

"Defense in depth" is a good concept, but it does not negate good password management practices; it demands them.

Don't call me "Shirley." You will surely make me surly.
Last Edit: 1 year 3 months ago by Sir Lee.

1 year 3 months ago #63104 by Kettlekorn
Kettlekorn replied the topic: Discord Channel

XaltatunOfAcheron wrote:

Kettlekorn wrote: Do you also individually lock your china hutch, entertainment center, and pantry so that you don't have to lock your house?


Tisk. Defense in depth and diversity of defense are two of the major security design considerations for secure software. Think of it this way: you keep the brush trimmed back around your fortress so people can't sneak up on you. You supply your moat with a generous quantity of piraña. Your portcullis is always supplied with boiling oil. And if that fails, the last check is the most vicious sergeant you can find to check ID.

I'm not criticizing using layers of security. I'm criticizing the practice of locking down all the little things while blithely leaving the big thing unsecured, in response to this:

Anne wrote: I could set my computer to remember all my passwords for me... But then I'd need to password protect my desktop...


I am the kernel that pops in the night. I am the pain that keeps your dentist employed.
The following user(s) said Thank You: Mister D

1 year 3 months ago #63123 by Kristin Darken
Kristin Darken replied the topic: Discord Channel
I don't know the state of financial strength of our average reader... but I've generally operated on the logic that "what I don't have, won't attract people who try to take it away". I mostly live paycheck to paycheck, my student loan debt continues to rise because my income-based payment plan doesn't even pay for the interest accumulating on my loans. I don't own a house (I rent), a car (I walk, use Lyft, or take public transit), and I have minimal furniture to 'fill' my studio apartment. My computer is easily the most expensive thing in my apartment... and it's a six-year-old system that I built for under a grand.

If someone wants to hack me and/or steal my identity, they can have it. I'll happily let them have all of this one and build up a new one from scratch. I'm not worth the time to hack and I don't have access to anything worth taking my identity for, sadly. Except maybe this site... and I suspect that by this point Malady has local copies of all the things (eyes Malady suspiciously).

Fate guard you and grant you a Light to brighten your Way.

1 year 3 months ago #63202 by ebony841
ebony841 replied the topic: Discord Channel
Thank you, Polk, for setting this up.
The following user(s) said Thank You: Polk Kitsune
