Re: [Mimedefang] Remembering lots of passwords (was Re: FYI: LinkedIn MIMEDefang group is gone)
On Wed, 6 Jun 2012, Les Mikesell wrote: Thanks - but I probably use at least a dozen different devices in the course of a day (win/mac/linux/android, at least) and am not very good at planning to be on the right one at the right time and worse, some are firewalled from each other. Is there some way to handle that without trusting them all to some random outside service? There are still some things I won't put in it myself (i.e. only on a piece of paper or on a flash drive in a safe), but I think the GPL-licensed KeePassX (vs the regular KeePass) + KeePassDroid + DropBox might cover you. http://www.keepassx.org/ http://www.keepassdroid.com/ http://www.dropbox.com/ I have not used the Android one lately, but each time I open KeePassX under Linux (regularly) or under Windows (occasionally), I enter a password and pass it a key-file. The key file path is pre-filled-in, so just type the master password. If you don't have both, you can't get in there. And if you need access to the list at the command-line, export it as text occasionally, encrypt it with gpg... (and shred the text file) Jason -- Jason Englander 394F 7E02 C105 7268 777A 3F5A 0AC0 C618 0675 80CA ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Remembering lots of passwords (was Re: FYI: LinkedIn MIMEDefang group is gone)
On Wed, Jun 6, 2012 at 2:49 PM, David F. Skoll wrote: > > > Ah, I see. Being a curmudgeon who pines for the old days, I own no > Internet-capable mobile devices. :) I actually enjoy being unreachable > sometimes. I'm old enough to remember computing in the 'old days' as giant bundles of point to point serial cables with mostly-incompatible devices at each end, so I tend to enjoy the new toys that are both wireless and connected to everything all the time. And quick google searches have replaced most of my memory - neither one goes back as far as I'd like, though. -- Les Mikesell lesmikes...@gmail.com ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] FYI: LinkedIn MIMEDefang group is gone
On 6/6/2012 3:31 PM, Les Mikesell wrote: Is that something handy enough that you have access every time you want to get to your mail/facebook/linkedin/amazon, etc.? Yes and no. I use a web-based system with encrypted data at rest that texts my cell-phone for two factor auth. Regards, KAM ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Remembering lots of passwords (was Re: FYI: LinkedIn MIMEDefang group is gone)
On Wed, 6 Jun 2012 14:36:33 -0500 Les Mikesell wrote: > Thanks - but I probably use at least a dozen different devices in the > course of a day (win/mac/linux/android, at least) Ah, I see. Being a curmudgeon who pines for the old days, I own no Internet-capable mobile devices. :) I actually enjoy being unreachable sometimes. TkPasman is probably cross-platform on Win/Mac/Linux, but most likely not Android and for sure not IOS. In this case, I think you're out of luck. Regards, David. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Remembering lots of passwords (was Re: FYI: LinkedIn MIMEDefang group is gone)
On Wed, Jun 6, 2012 at 1:57 PM, David F. Skoll wrote: > >> What is your secret to remembering hundreds of unique passwords? Or >> forgetting the old ones as they change? > > I use a password-keeper app called "TkPasman" (sadly no longer maintained.) > > It encrypts your password list using OpenSSL and a master password. Make > sure that's secure and that your password list is physically protected. Thanks - but I probably use at least a dozen different devices in the course of a day (win/mac/linux/android, at least) and am not very good at planning to be on the right one at the right time and worse, some are firewalled from each other. Is there some way to handle that without trusting them all to some random outside service? -- Les Mikesell lesmikes...@gmail.com ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] FYI: LinkedIn MIMEDefang group is gone
On Wed, Jun 6, 2012 at 2:06 PM, Kevin A. McGrail wrote: >> >> What is your secret to remembering hundreds of unique passwords? Or >> forgetting the old ones as they change? > > Multi-factored authentication to an encrypted storage system unfortunately. > Not writing them down is just not tenable. Is that something handy enough that you have access every time you want to get to your mail/facebook/linkedin/amazon, etc.? -- Les Mikesell lesmikes...@gmail.com ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] FYI: LinkedIn MIMEDefang group is gone
On 6/6/2012 2:50 PM, Les Mikesell wrote: What is your secret to remembering hundreds of unique passwords? Or forgetting the old ones as they change? Multi-factored authentication to an encrypted storage system unfortunately. Not writing them down is just not tenable. After that, my general guideline is to use passphrases not passwords. Things like My_Birthday_is_on_January_1st! are better than randomly generated passwords. Regards, KAM ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Remembering lots of passwords (was Re: FYI: LinkedIn MIMEDefang group is gone)
On Wed, 6 Jun 2012 13:50:45 -0500 Les Mikesell wrote: > What is your secret to remembering hundreds of unique passwords? Or > forgetting the old ones as they change? I use a password-keeper app called "TkPasman" (sadly no longer maintained.) It encrypts your password list using OpenSSL and a master password. Make sure that's secure and that your password list is physically protected. Regards, David. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] FYI: LinkedIn MIMEDefang group is gone
On Wed, Jun 6, 2012 at 1:19 PM, Kevin A. McGrail wrote: >> > In short, yes, LinkedIn had a breach apparently. However, if you use decent > passwords that are unique as any security person will extoll, the damage > should be highly limited. What is your secret to remembering hundreds of unique passwords? Or forgetting the old ones as they change? -- Les Mikesell lesmikes...@gmail.com ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Dedicated email addresses (was Re: FYI: LinkedIn MIMEDefang group is gone)
On Wed, 06 Jun 2012 14:19:53 -0400 "Kevin A. McGrail" wrote: > However, I use dedicated, unique email addresses for the vast > majority of my accounts as I'm sure others on this list do. *shameless plug* Our commecial product, CanIt, has a "Locked Addresses" feature that lets you create random email addresses and lock them to a specific sending domain. My LinkedIn login was t99ef724coxc3...@la.roaringpenguin.com, for example. > In short, yes, LinkedIn had a breach apparently. However, if you use > decent passwords that are unique as any security person will extoll, > the damage should be highly limited. Sure. But I found lately that most messages from LinkedIn were spam anyway, so it was no real loss to terminate my account. Regards, David. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] FYI: LinkedIn MIMEDefang group is gone
Overall, On 6/6/2012 1:18 PM, Ben Kamen wrote: On 2012-06-06 12:02 PM, David F. Skoll wrote: Hi, After the LinkedIn password fiasco, I have deleted my LinkedIn account. Because I was the owner of the MIMEDefang group, I had to delete that too. I've been wondering what to do too... Between Facebook privacy and LinkedIn incompetence... Thankfully, LinkedIn uses a reasonably unique password unlike anywhere else I run on the web. But the incompetence.. ugh... I want to shout, "what is wrong with these companies" --- but I already know the answer. It's not pretty. In fact, it's pretty depressing. My understanding is that at least LinkedIn stored the passwords in SHA-1 format. They need to add a salt to make things less susceptible to look-up tables but assuming you used a unique and strong password, your login is fairly safe. The bigger issue is that they usernames are email addresses. So I think we may see an uptick in spam from that portion of the exploit. However, I use dedicated, unique email addresses for the vast majority of my accounts as I'm sure others on this list do. If there is an exploit, I should be able to track it as I have been for MANY other major companies that have had their databases exploited. In short, yes, LinkedIn had a breach apparently. However, if you use decent passwords that are unique as any security person will extoll, the damage should be highly limited. Regards, KAM ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] FYI: LinkedIn MIMEDefang group is gone
On Wed, 06 Jun 2012 12:18:10 -0500 Ben Kamen wrote: > Thankfully, LinkedIn uses a reasonably unique password unlike > anywhere else I run on the web. I use randomly-generated passwords for all my web sites and they're all at least 16 characters long (unless a web site won't allow such long passwords). So even if my LinkedIn password had been compromised (it wasn't... I downloaded the list of hashes and checked) I'd be OK. But LinkedIn apparently stored pure SHA1 hashes of the passwords instead of salting them, something UNIX has been doing since the Mesozoic era. I have a Facebook account, but I don't use it except to check up on my kids every now and then. :) Regards, David. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] FYI: LinkedIn MIMEDefang group is gone
On 2012-06-06 12:02 PM, David F. Skoll wrote: Hi, After the LinkedIn password fiasco, I have deleted my LinkedIn account. Because I was the owner of the MIMEDefang group, I had to delete that too. I've been wondering what to do too... Between Facebook privacy and LinkedIn incompetence... Thankfully, LinkedIn uses a reasonably unique password unlike anywhere else I run on the web. But the incompetence.. ugh... I want to shout, "what is wrong with these companies" --- but I already know the answer. It's not pretty. In fact, it's pretty depressing. (sigh) -Ben -- Ben Kamen - O.D.T., S.P. -- eMail: b...@benjammin.net http://www.benjammin.net http://www.linkedin.com/in/benkamen Fortune says: Women professionals do tend to over-compensate. -- Dr. Elizabeth Dehaver, "Where No Man Has Gone Before", stardate 1312.9. - - NOTICE: All legal disclaimers sent to benjammin.net/benkamen.net or any of it's affiliated domains are rendered null and void on receipt of communications will be handled/considered as such. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] FYI: LinkedIn MIMEDefang group is gone
Hi, After the LinkedIn password fiasco, I have deleted my LinkedIn account. Because I was the owner of the MIMEDefang group, I had to delete that too. Regards, David. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang