On Wed, 07 Aug 2013 21:30:23 +0200, Josh Berry <[email protected]> wrote:
by filling in forms. The only scenario I see brought up that this
protects
against is a "crime of opportunity" where the attacker has less than a
minute. In all other scenarios, you should be locking your account.
Correct. The crime of opportunity in a tight time frame (seconds) is
precisely what I'm talking of.
I'm confused on your rsync of all settings. I was referring to your
gmail
or similar settings. Heck, even your facebook email address. If someone
I don't use gmail, so I was referring to the fact that you could tweak
with the settings of my rich client application for managing email.
But your point is correct for any possible web application that has some
sensible configuration. Still that's the case of a master password! With
Opera, if I log in to any site that requires a password, it prompts for
the master password before going on. It has a policy about how long it can
"recall" the master password. Guess what, I set it to always ask. With
Chrome, you just type the URL, it autocompletes the account/password
fields and you just need to click on ok. It's bad, again, it takes mere
seconds.
--
Fabrizio Giudici - Java Architect @ Tidalwave s.a.s.
"We make Java work. Everywhere."
http://tidalwave.it/fabrizio/blog - [email protected]
--
You received this message because you are subscribed to the Google Groups "Java
Posse" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/javaposse.
For more options, visit https://groups.google.com/groups/opt_out.
