On Mon 02 Apr 2018 at 09:07:16 -0400, rhkra...@gmail.com wrote:
> Just continuing to think (or maybe not think ;-) about password managers /
> password security, changing the focus slightly (I think) but keeping the same
> thread.
>
> I'm now thinking about the security (or vulnerability) of p
On 02 Apr 2018, rhkra...@gmail.com chattered:
moin moin,
Just continuing to think (or maybe not think ;-) about password managers /
password security, changing the focus slightly (I think) but keeping the same
thread.
I'm now thinking about the security (or vulnerability) of passwords duri
Thanks to tomas, Roberto, and likcoras! All good points!
I'm embarrassed to admit that I hadn't thought (at least to the best of my
recent recollection) of the need to encrypt swap--that's something I'll want
to deal with soon.
On Monday, April 02, 2018 09:15:08 AM to...@tuxteam.de wrote:
> O
On Mon, Apr 02, 2018 at 09:07:16AM -0400, rhkra...@gmail.com wrote:
>
> The first two situations that come to mind include:
>
>* during copy and paste operations, the plaintext password could remain on
> the C&P "stack". thus making it vulnerable: Some notes:
>
> (1) I've read about
On Mon, Apr 02, 2018 at 09:07:16AM -0400, rhkra...@gmail.com wrote:
> Just continuing to think (or maybe not think ;-) about password managers /
[...]
I don't know of the others (I never felt the need for a PW manager
myself) but...
>* during
Just continuing to think (or maybe not think ;-) about password managers /
password security, changing the focus slightly (I think) but keeping the same
thread.
I'm now thinking about the security (or vulnerability) of passwords during
"normal" usage--I mean, I'm thinking about the times when
On Fri 30 Mar 2018 at 12:15:18 (-0400), rhkra...@gmail.com wrote:
> On Friday, March 30, 2018 11:17:32 AM Eduardo M KALINOWSKI wrote:
> > There's ~/.config
> > (https://www.freedesktop.org/software/systemd/man/file-hierarchy.html#~/.config).
> > Many apps use it, but still the majority uses ~ dir
On 31/03/18 05:57, der.hans wrote:
> Captcha is still annoying and needs an "I am a cyborg" option.
Cloudflare is an issue, I'm growing to hate it as much as Google, perhaps
more.
CF relies upon Google for captcha, why can't they use and create their own?
I would prefer a captcha from DDG, at l
On 3/30/18, rhkra...@gmail.com wrote:
> On Friday, March 30, 2018 08:44:53 AM Curt wrote:
>> On 2018-03-30, Tomaž Šolc wrote:
>> > Hi
>> >
>> > On 27. 03. 2018 03:02, rhkra...@gmail.com wrote:
>> >> I have what might be called a "religious" aversion to storing what I
>> >> consider "real
On 30 Mar 2018, rhkra...@gmail.com chattered:
moin moin,
As I sometimes (often?) do, just commenting on a few points:
On Friday, March 30, 2018 04:39:05 AM der.hans wrote:
On 26 Mar 2018, Richard Hector chattered:
On 26/03/18 04:52, rhkra...@gmail.com wrote:
We can add character s
On 30 Mar 2018, rhkra...@gmail.com chattered:
moin moin,
I tend to keep my created data in ~/local/, so ~/local/bin/, ~/local/etc/,
~/local/sandbox/, ~/local/data/, etc.
I then link some of the dotfiles I want to preserve into ~/local/etc/, e.g.
.mozilla, .screenrc and .vim.
I haven't been
On Friday, March 30, 2018 11:17:32 AM Eduardo M KALINOWSKI wrote:
> There's ~/.config
> (https://www.freedesktop.org/software/systemd/man/file-hierarchy.html#~/.config).
> Many apps use it, but still the majority uses ~ directly (and
> probably always will).
And now to comment on the above (aga
On Friday, March 30, 2018 11:17:32 AM Eduardo M KALINOWSKI wrote:
> There's ~/.config
> (https://www.freedesktop.org/software/systemd/man/file-hierarchy.html#~/.config).
> Many apps use it, but still the majority uses ~ directly (and
> probably always will).
True, but I mainly wanted to comment
On 30-03-2018 11:47, rhkra...@gmail.com wrote:
> * with that in mind, some of my proposals to various people (including the
> FHS) included things like creating a new directory, then keeping one named
> /home and naming the new one either something like /data (for real user data,
> and keeping
On Friday, March 30, 2018 09:57:02 AM rhkra...@gmail.com wrote:
> Anyway, these days, I store all my "real user data" in directories other
> than ~, these include directories like /01, /02, (e.g.,
> /bob01, /bob02, /back01, back02), and I have no fear / reluctance to
> create other such top level d
On Fri, Mar 30, 2018 at 09:57:02AM -0400, rhkra...@gmail.com wrote:
> It (the stuff stored as hidden files) is what I now call "user configuration
> data" as opposed to what I call "real user data", which I define as files I've
> created or intentionally captured / stored--things like text doc
On Friday, March 30, 2018 08:44:53 AM Curt wrote:
> On 2018-03-30, Tomaž Šolc wrote:
> > Hi
> >
> > On 27. 03. 2018 03:02, rhkra...@gmail.com wrote:
> >> I have what might be called a "religious" aversion to storing what I
> >> consider "real" user data in /home.
> >
> > I'm curious. Why do y
On Friday, March 30, 2018 07:54:03 AM Tomaž Šolc wrote:
> Hi
>
> On 27. 03. 2018 03:02, rhkra...@gmail.com wrote:
> > I have what might be called a "religious" aversion to storing what I
> > consider "real" user data in /home.
>
> I'm curious. Why do you have this aversion and where do you store
As I sometimes (often?) do, just commenting on a few points:
On Friday, March 30, 2018 04:39:05 AM der.hans wrote:
> On 26 Mar 2018, Richard Hector chattered:
> > On 26/03/18 04:52, rhkra...@gmail.com wrote:
> We can add character set requirements and most sites now allow 30+
> characters, so
On 2018-03-30, Tomaž Šolc wrote:
>
> Hi
>
> On 27. 03. 2018 03:02, rhkra...@gmail.com wrote:
>> I have what might be called a "religious" aversion to storing what I
>> consider "real" user data in /home.
>
> I'm curious. Why do you have this aversion and where do you store "real"
> user data?
>
Hi
On 27. 03. 2018 03:02, rhkra...@gmail.com wrote:
> I have what might be called a "religious" aversion to storing what I
> consider "real" user data in /home.
I'm curious. Why do you have this aversion and where do you store "real"
user data?
This is the first time I've heard about not storin
On 26 Mar 2018, Richard Hector chattered:
moin moin,
On 26/03/18 04:52, rhkra...@gmail.com wrote:
I started reading up on password managers in order to consider using one.
I use the keepass family - KeePassX on Debian, KeePassDroid on Android.
I believe Windows and Mac versions are avail
On Wed 28 Mar 2018 at 15:27:44 +1300, Richard Hector wrote:
> On 28/03/18 00:19, Brian wrote:
> > I eventually settled on masterpasswordapp
> > because the re-creation aspect appealed to me, it was actively
> > maintained, the author's well-thought arguments were convincing
> > and (insofar as I c
On 28/03/18 00:19, Brian wrote:
> I eventually settled on masterpasswordapp
> because the re-creation aspect appealed to me, it was actively
> maintained, the author's well-thought arguments were convincing
> and (insofar as I could judge) it is secure.
>
> But it did take some time to come to a d
On Tuesday, March 27, 2018 08:47:10 AM rhkra...@gmail.com wrote:
> On Tuesday, March 27, 2018 04:08:07 AM Joe wrote:
> > On Mon, 26 Mar 2018 17:38:33 -0400
> >
> > rhkra...@gmail.com wrote:
> > > > > Yes, at least I think so, unless there is some standard for how
> > > > > to handle passwords (inc
On Tuesday, March 27, 2018 04:08:07 AM Joe wrote:
> On Mon, 26 Mar 2018 17:38:33 -0400
>
> rhkra...@gmail.com wrote:
> > > > Yes, at least I think so, unless there is some standard for how
> > > > to handle passwords (including changing them) on websites. I
> > > > suspect that there isn't. There
On Tuesday, March 27, 2018 03:57:24 AM Joe wrote:
> Something I haven't seen mentioned: KeePassX does a kind of poor man's
> two-factor authentication, allowing the use of both a password and an
> arbitrary file in its encryption. So it's possible to store the file on
> your computer(s) and carry t
On Tuesday, March 27, 2018 12:56:24 AM Kushal Kumaran wrote:
> Set the PASSWORD_STORE_DIR environment variable to point to your
> location of choice. This is mentioned in the "Environment Variables"
> section of the pass(1) manpage.
Thanks! I missed that.
On Mon 26 Mar 2018 at 21:02:48 -0400, rhkra...@gmail.com wrote:
> Thanks to all who replied!
>
> I thought I'd summarize where I am:
>
> I like three of the suggestions (from what I've seen / investigated (slightly)
> so far, but with some comments:
>
>* pass: appeals to me a lot--the
On Mon, 26 Mar 2018 17:38:33 -0400
rhkra...@gmail.com wrote:
>
> > >
> > > Yes, at least I think so, unless there is some standard for how
> > > to handle passwords (including changing them) on websites. I
> > > suspect that there isn't. There may be some commonality in
> > > websites generated
On Mon, 26 Mar 2018 21:02:48 -0400
rhkra...@gmail.com wrote:
> Thanks to all who replied!
>
> I thought I'd summarize where I am:
>
> I like three of the suggestions (from what I've seen / investigated
> (slightly) so far, but with some comments:
>
>* pass: appeals to me a lot--the one pro
rhkra...@gmail.com writes:
> Thanks to all who replied!
>
> I thought I'd summarize where I am:
>
> I like three of the suggestions (from what I've seen / investigated (slightly)
> so far, but with some comments:
>
>* pass: appeals to me a lot--the one problem for me (for which I believe
On Mon, Mar 26, 2018 at 08:34:28PM +0100, Brian wrote:
> On Sun 25 Mar 2018 at 22:43:26 +0200, Ángel wrote:
>
> > On 2018-03-25 at 19:47 +0100, Brian wrote:
> > > 1 day after the breach your data had been compromised. Changing your
> > > password 10 days later on in your 1 month cycle doesn't seem
On Mon, 26 Mar 2018 21:02:48 -0400 rhkra...@gmail.com said:
> Thanks to all who replied!
You are welcome. :)
>* I also like the approach suggested by Abdullah Ramazanoglu (and
> the somewhat similar Diceware), but I almost didn't find the emails
> from Abdullah-- for some reason my email cl
Thanks to all who replied!
I thought I'd summarize where I am:
I like three of the suggestions (from what I've seen / investigated (slightly)
so far, but with some comments:
* pass: appeals to me a lot--the one problem for me (for which I believe
I've found the solution) is that it stores
On Monday, March 26, 2018 03:49:38 PM Brian wrote:
> On Sun 25 Mar 2018 at 21:54:22 -0400, rhkra...@gmail.com wrote:
> > > at some time in the future>
> >
> > On Sunday, March 25, 2018 08:38:25 PM Richard Hector wrote:
> > > On 26/03/18 04:52, rhkra...@gmail.com wrote:
> > > >* a means to aut
On Sun 25 Mar 2018 at 21:54:22 -0400, rhkra...@gmail.com wrote:
> some time in the future>
>
> On Sunday, March 25, 2018 08:38:25 PM Richard Hector wrote:
> > On 26/03/18 04:52, rhkra...@gmail.com wrote:
> > >* a means to automatically update passwords on the target websites (to
> > >
> > >
On Sun 25 Mar 2018 at 22:43:26 +0200, Ángel wrote:
> On 2018-03-25 at 19:47 +0100, Brian wrote:
> > 1 day after the breach your data had been compromised. Changing your
> > password 10 days later on in your 1 month cycle doesn't seem to me to
> > be reactive security. Better than nothing, I suppos
On 26/03/18 15:13, Abdullah Ramazanoglu wrote:
Forgot to mention. For that (and other things) I use a separate dumb
browser without any active content capabilities (Java, JS, plugins,
etc.)
It is also worth mentioning:
Firefox Master Password System Has Been Poorly Secured for the Past 9 Years
On 26/03/18 04:52, rhkra...@gmail.com wrote:
Here are some of what I think are my criteria for a password manager:
* encrypted storage on my own machines (no storage "in the cloud")
* ability to transfer to other devices, including Android tablets and
phones
[...]
* a means to autom
On Sunday, March 25, 2018 08:38:25 PM Richard Hector wrote:
> On 26/03/18 04:52, rhkra...@gmail.com wrote:
> >* a means to automatically update passwords on the target websites (to
> >
> > facilitate regular / frequent password changes)--this is probably a
> > stretch--I mean something that
On Sun, 25 Mar 2018 11:52:13 -0400 rhkra...@gmail.com said:
> I started reading up on password managers in order to consider using
> one.
>
> Up until now, I've made up passwords myself, and stored them in an
> encrypted file. Some of the drawbacks include:
>
>* I keep the passwords on t
On 26/03/18 04:52, rhkra...@gmail.com wrote:
> I started reading up on password managers in order to consider using one.
I use the keepass family - KeePassX on Debian, KeePassDroid on Android.
I believe Windows and Mac versions are available as well.
>* encrypted storage on my own machines (n
likcoras writes:
> I think pass (https://www.passwordstore.org/) meets most of your
> requirements. It's a glorified shell script that calls gpg under the
> hood to create passwords that are stored locally (under
> ~/.password-store).
I concur with the recommendation for Password Store, in this
On 2018-03-25 at 19:47 +0100, Brian wrote:
> 1 day after the breach your data had been compromised. Changing your
> password 10 days later on in your 1 month cycle doesn't seem to me to
> be reactive security. Better than nothing, I suppose, but closing the
> door after etc.
>
> In any case, your
On Sun 25 Mar 2018 at 14:06:53 -0400, Roberto C. Sánchez wrote:
> On Sun, Mar 25, 2018 at 06:48:15PM +0100, Brian wrote:
> > On Sun 25 Mar 2018 at 11:52:13 -0400, rhkra...@gmail.com wrote:
> >
> > The PIN for my credit card has only four digits.
> >
> > >* I don't change the passwords as oft
On Sun, Mar 25, 2018 at 06:48:15PM +0100, Brian wrote:
> On Sun 25 Mar 2018 at 11:52:13 -0400, rhkra...@gmail.com wrote:
>
> The PIN for my credit card has only four digits.
>
> >* I don't change the passwords as often as I should
>
> There isn't and never has been a need to do this. Passwor
On Sun 25 Mar 2018 at 11:52:13 -0400, rhkra...@gmail.com wrote:
> I started reading up on password managers in order to consider using one.
>
> Up until now, I've made up passwords myself, and stored them in an encrypted
> file. Some of the drawbacks include:
>
>* I keep the passwords o
On 03/26/2018 12:52 AM, rhkra...@gmail.com wrote:
> I started reading up on password managers in order to consider using one.
Good! Welcome aboard.
> Here are some of what I think are my criteria for a password manager:
>
>* encrypted storage on my own machines (no storage "in the cloud")
I started reading up on password managers in order to consider using one.
Up until now, I've made up passwords myself, and stored them in an encrypted
file. Some of the drawbacks include:
* I keep the passwords on the short side
* I don't change the passwords as often as I should
*