Re: Web site busted?



central wrote:
> However, excuse me if I'm being naive, but isn't one of the main selling
> points of Linux security? Why on earth would one use the same password?

So you do not forget the password, or are forced to write it down
somewhere else.

> Even most of my 'well enough' educated friends who don't log into windows
> with an admin account know to use a different password for admin vs user.

I do not know what the security risks under Windows are, but I know they
are much higher there. Password revealers and all. One program and you
can see what people enter in clear text.

> Or am I assuming a higher risk of compromise than I should? Surely it
> can't be good practice?

Convenience vs security. The most secure thing is not to start the
machine at all, but that is not very convenient. Next is the
Internet connection, but people are willing to sacrifice there as well.

Then there is the fact that we need to remember so many passwords that
people will have to write them down. Yes, perhaps you (you in general, not
specific) might be able to remember all 15 passwords that also change in
a semi-random way. Most people don't.

OK, let us assume that the password is 9ruyabrU for both. How high is
the risk of getting the password for a random user? The risk of getting
it for root is higher than for houghi, as root is a given and houghi is
not. When they do have the one for root, they own the box.

Now when they find it for houghi, they could have entered, yet still not
know my password. Placing a keylogger will give away the password the
moment I do su.

So the real danger is not the fact that the passwords are the same. The
danger is that people get access to my account.

If you have only one machine, remembering 2 passwords is no problem (for
the generic people). However I have at least 50-100 places where I need
to enter passwords. So what do people do? They start using the same
password.

To me it is safer to have 5 good passwords than 50 weak ones.
1) For banking
2) For personal PC access
3) For personal online access like mail
4) For work (Changes monthly)
5) For websites

To me the monthly changing of the password makes me use a weaker
password.

Obviously YMMV. I used to have two different passwords, but then I
realized: why bother? To me it is security through obscurity.

houghi
--
We all came out to Montreux Frank Zappa and the Mothers
On the Lake Geneva shoreline Were at the best place around
To make records with a mobile But some stupid with a flare gun
We didn't have much time Burned the place to the ground