Re: Web site busted?
- From: houghi <houghi@xxxxxxxxxxxxxxxxxx>
- Date: Sat, 21 Jun 2008 19:50:59 +0200
central wrote:
> However, excuse me if I'm being naive, but isn't one of the main selling
> points of Linux security? Why on earth would one use the same password?
So you do not forget the password, or are forced to write it down
somewhere else.
> Even most of my 'well enough' educated friends who don't log into Windows
> with an admin account know to use a different password for admin vs user.
I do not know what the security risks under Windows are, but I know they
are much higher there. Password revealers and all. One program and you
can see what people enter in clear text.
> Or am I assuming a higher risk of compromise than I should? Surely it
> can't be good practise?
Convenience vs security. The most secure thing is not to start the
machine at all, but that is not very convenient. Next is the
Internet connection, but people are willing to sacrifice there as well.
Then there is the fact that we need to remember so many passwords that
people will have to write it down. Yes, perhaps you (you in general, not
specific) might be able to remember all 15 passwords that also change in
a semi-random way. Most people don't.
OK, let us assume that the password is 9ruyabrU for both. How high is
the risk of getting the password for a random user? The risk of getting
it for root is higher than for houghi, as root is a given and houghi is
not. When they do have the one for root, they own the box.
Now when they find it for houghi, they could have entered, yet still not
know my password. Placing a keylogger will give away the password the
moment I do su.
So the real danger is not the fact that the passwords are the same. The
danger is that people get access to my account.
If you have only one machine, remembering 2 passwords is no problem (for
the generic people). However, I have at least 50-100 places where I need
to enter passwords. So what do people do? They start using the same
password.
To me it is safer to have 5 good passwords than 50 weak ones.
1) For banking
2) For personal PC access
3) For personal online access like mail
4) For work (Changes monthly)
5) For websites
To me the monthly changing of the password makes me use a weaker
password.
Obviously YMMV. I used to have two different passwords, but then I
realized: why bother? To me it is security through obscurity.
houghi
--
We all came out to Montreux Frank Zappa and the Mothers
On the Lake Geneva shoreline Were at the best place around
To make records with a mobile But some stupid with a flare gun
We didn't have much time Burned the place to the ground