Let's keep in mind that I never said that having multiple passwords *was* the solution. I'm just looking for ideas. So, keep them coming. ;-)
--- Puryear Information Technology, LLC Baton Rouge, LA * 225-706-8414 http://www.puryear-it.com Author: "Best Practices for Managing Linux and UNIX Servers" "Spam Fighting and Email Security in the 21st Century" Download your free copies: http://www.puryear-it.com/publications.htm Thursday, February 15, 2007, 3:30:55 PM, you wrote: > > Tim Fournet wrote: > > I've checked with four different email applications on the Palm Treo, as > well as some available on the Blackberry, and none of them show the > password as cleartext on the config screens. Sure, someone could > conceivably hook up the device to a reader, perform a hex dump of the > contents of the memory, and the passwords are probably visibly in there; > but my point is that by the time this can be done, a user can change his > password ---- as long as he knows how and when to change it! Giving him > a password that is "just for email" doesn't necessarily make his "real" > password more secure, because he can store that on the PDA just as well > > None of these mitigation activities get around the fact that > 1) some users are stupid > and > 2) some vendors are stupid and have buggy/easily broken applications. > > I don't necessarily see having multiple passwords as doing much to help the > situation. > > The DoD is starting to require two factor authentication. Users > must log in with smart cards and use a password. So you have to have > the card and the password.? Even their webmail and VPNs are accessed that > way.?? > > > Shannon Roddy wrote: > > > On 2/15/07, Tim Fournet <tfournet at tfour.net> wrote: > > > I doubt many devices actually store the passwords in an > easy-to-access cleartext sort of way. > > > Umm... wrong answer. ;-) You'd be surprised. > _______________________________________________ > General mailing > listGeneral at > brlug.nethttp://mail.brlug.net/mailman/listinfo/general_brlug.net > > > _______________________________________________ > General mailing > listGeneral at > brlug.nethttp://mail.brlug.net/mailman/listinfo/general_brlug.net > > > >
