Linkedin has a blog post that ends with this sage advice:
* Make sure you update your password on LinkedIn (and any site that you visit
on the Web) at least once every few months.
I have accounts at probably 100's of sites. Am I to understand that I am
supposed to remember
each one of them an
On 2012-06-08, at 12:48 PM, Michael Thomas wrote:
> I'm sorry, my brain doesn't hold that many passwords. Unless you're a savant,
> neither does
> yours. So what you're telling me and the rest of the world is impossible.
https://agilebits.com/onepassword (1Password) is one solution to managing
On 06/08/2012 09:48 AM, Michael Thomas wrote:
Linkedin has a blog post that ends with this sage advice:
* Make sure you update your password on LinkedIn (and any site that
you visit on the Web) at least once every few months.
I have accounts at probably 100's of sites. Am I to understand tha
> I have accounts at probably 100's of sites. Am I to understand that I am
> supposed to remember
> each one of them and dutifully update them every month or two?
Yes; of course if most of those accounts are moribund and unused then you don't
need to change them so often, but the passwords you u
Michael Thomas wrote:
Linkedin has a blog post that ends with this sage advice:
* Make sure you update your password on LinkedIn (and any site that you
visit on the Web) at least once every few months.
I have accounts at probably 100's of sites. Am I to understand that I am
supposed to remembe
--- lyn...@orthanc.ca wrote:
From: Lyndon Nerenberg
On 2012-06-08, at 12:48 PM, Michael Thomas wrote:
> I'm sorry, my brain doesn't hold that many passwords. Unless you're
> a savant, neither does yours. So what you're telling me and the rest
> of the world is impossible.
t
:: https://agilebi
On Fri, Jun 8, 2012 at 12:48 PM, Michael Thomas wrote:
> So the implication is that I have 100's of passwords all unique and that I
> must
> change every one of them to be something new and unique every few months.
> And remember each of them. And not write them down.
>
> I'm sorry, my brain d
On Fri, Jun 8, 2012 at 1:02 PM, Scott Weeks wrote:
> :: https://agilebits.com/onepassword (1Password) is one solution to
> :: managing web site passwords.
>
>
> Only if you have an OS you have to pay for: apple or ms.
>
>
So use Las
On 2012-06-08 15:48, Michael Thomas wrote:
* Make sure you update your password on LinkedIn (and any site that you
visit on the Web) at least once every few months.
* Do not use the same password for multiple sites or accounts.
* Create a strong password for your account, one that includes letter
On 2012-06-08, at 1:02 PM, Scott Weeks wrote:
> Only if you have an OS you have to pay for: apple or ms.
I don't pay for them. $WORK pays for them.
If you're complaint is about 1Password not running on your particular operating
systems, then pick a solution that *does* run on your OS. There
--- j...@retina.net wrote:
From: John Adams
I use 1password, you might use LastPass. They both work on
Android, iPhone, Linux, Mac, Windows.
No, according to their site 1password does not work on
*nix, however lastpass says it does all *nix flavors.
On 06/08/2012 10:02 AM, Scott Weeks wrote:
--- lyn...@orthanc.ca wrote:
From: Lyndon Nerenberg
On 2012-06-08, at 12:48 PM, Michael Thomas wrote:
I'm sorry, my brain doesn't hold that many passwords. Unless you're
a savant, neither does yours. So what you're telling me and the rest
of the world
I'm surprised no one mentioned a locally stored (and backed up of
course) gpg encrypted file for securing all of your passwords. Very
simple solution for the technically inclined.
Derrick
On Fri, Jun 08, 2012 at 01:08:34PM -0700, Scott Weeks wrote:
>
>
> --- j...@retina.net wrote:
> From: John
- Original Message -
> From: "Michael Thomas"
> I'm sorry, my brain doesn't hold that many passwords. Unless you're a
> savant, neither does
> yours. So what you're telling me and the rest of the world is
> impossible.
>
> What's most pathetic about this is that somebody actually believe
On 06/08/2012 12:56 PM, Paul Graydon wrote:
Use a password safe. Simple. Most of them even include secure password
generators. That way you only have one password to remember stored in a
location you have control over (and is encrypted), and you get to adopt secure
practices with websites.
On 06/08/2012 10:22 AM, Michael Thomas wrote:
On 06/08/2012 12:56 PM, Paul Graydon wrote:
Use a password safe. Simple. Most of them even include secure
password generators. That way you only have one password to remember
stored in a location you have control over (and is encrypted), and
you
On 06/08/2012 01:24 PM, Paul Graydon wrote:
On 06/08/2012 10:22 AM, Michael Thomas wrote:
On 06/08/2012 12:56 PM, Paul Graydon wrote:
Use a password safe. Simple. Most of them even include secure password
generators. That way you only have one password to remember stored in a
location you
> Does your password safe know how to change the password on each
> website every several months?
Not far off, actually; my 1Password has an auto-login-page feature which you
can often wire to be the same as the password-change URL.
So, nyah.
-a
On 06/08/2012 01:24 PM, Paul Graydon wrote:
Oh come on.. now you're just being ridiculous, even bordering on childish.
LinkedIn are offering solid advice, routed in safe practices. If you don't
want to do it that's your problem. Stop bitching just because security is hard.
PS: when security
On 2012-06-08, at 1:22 PM, Michael Thomas wrote:
> Does your password safe know how to change the password on each
> website every several months?
Yes.
> PS: when security is hard, people simply don't do it. Blaming the victim
> of poor engineering that leads people to not be able to perform best
> practices is not the answer.
Passwords suck, but they are the best that we have at the moment in terms of
being cheap and free from infrastructure -
On 06/08/2012 01:35 PM, Lyndon Nerenberg wrote:
On 2012-06-08, at 1:22 PM, Michael Thomas wrote:
Does your password safe know how to change the password on each
website every several months?
Yes.
I run a website. If it can change it on mine, I'd like to understand
how it manages to do that.
On 06/08/2012 01:41 PM, Alec Muffett wrote:
PS: when security is hard, people simply don't do it. Blaming the victim
of poor engineering that leads people to not be able to perform best
practices is not the answer.
Passwords suck, but they are the best that we have at the moment in terms of
bei
On 8 Jun 2012, at 21:55, Michael Thomas wrote:
> With apps and browsers that
> can remember passwords why are we still insisting that users generate
> and remember their own bad passwords? That's one reason that I
> find the finger wagging tone of that Linkedin post extremely problematic --
> the
>Yes; of course if most of those accounts are moribund and unused then you
>don't need
>to change them so often, but the passwords you use frequently should be
>changed at
>regular intervals.
>
>It's pretty commonsensical once the threat is understood.
Given that most compromised passwords these
On Jun 8, 2012, at 1:41 PM, Alec Muffett wrote:
>> PS: when security is hard, people simply don't do it. Blaming the victim
>> of poor engineering that leads people to not be able to perform best
>> practices is not the answer.
>
> Passwords suck, but they are the best that we have at the moment
>> I have accounts at probably 100's of sites. Am I to understand
>> that I am supposed to remember each one of them and dutifully
>> update them every month or two?
> Yes; of course if most of those accounts are moribund and unused then you
> don't need to change them so often, but the passwords
On 8 Jun 2012, at 22:59, John Levine wrote:
> Given that most compromised passwords these days are stolen by malware
> or phishing, I'm not understanding the threat, unless you're planning
> to change passwords more frequently than the interval between malware
> stealing your password and the bad
> Does anybody have a good URL explaining that idea? It's been kicking around
> for many years. I've never seen a convincing writeup.
I've tried to do that in another mail - it's in the realms of philosophy more
than strategy; like if you're a really security-aware person and take great
care
On 09/06/12 05:48, Michael Thomas wrote:
> Linkedin has a blog post that ends with this sage advice:
>
> * Make sure you update your password on LinkedIn (and any site that you
> visit on the Web) at least once every few months.
>
> I have accounts at probably 100's of sites. Am I to understand
On Fri, 08 Jun 2012 16:07:56 -0400, Simon Perreault said:
> And how about "Do not store your passwords using unsalted sha1?"
Heck. I'd let them use pepper or mustard or teriyaki sauce if they wanted.
Figuring out which one was used adds to the entropy. ;)
pgppD53VERlTa.pgp
Description: PGP sign
On 06/08/2012 05:59 PM, Ted Cooper wrote:
They have some things correct in this and some are complete hogwash.
Changing your password does not provide any additional security. It is
meant to give protection against your credentials having being
discovered, but if they have been compromised in t
On Fri, 08 Jun 2012 15:33:29 -0700, Hal Murray said:
> > Yes; of course if most of those accounts are moribund and unused then you
> > don't need to change them so often, but the passwords you use frequently
> > should be changed at regular intervals.
>
> > It's pretty commonsensical once the thre
On Fri, Jun 08, 2012 at 03:17:25PM -0700, Owen DeLong wrote:
>
> On Jun 8, 2012, at 1:41 PM, Alec Muffett wrote:
>
> >> PS: when security is hard, people simply don't do it. Blaming the victim
> >> of poor engineering that leads people to not be able to perform best
> >> practices is not the answ
>> Does your bank request/require that you change the PIN
>> on your ATM card every few months?
> ATM cards are not passwords, they are a coarse form of two-factor
> authentication - You have the card, you have the PIN.
> You have to possess both in order to transact - at least in in theory.
Are the bad guys winning though?
Are they really?
On Jun 8, 2012 9:43 PM, "Hal Murray" wrote:
>
> >> Does your bank request/require that you change the PIN
> >> on your ATM card every few months?
>
> > ATM cards are not passwords, they are a coarse form of two-factor
> > authentication - You hav
On Fri, Jun 8, 2012 at 9:48 PM, Michael Thomas wrote:
> Linkedin has a blog post that ends with this sage advice:
The sagest of which is to ask you to change your password on LinkedIn
itself, *before* actually plugging the hole that led to the passwords
leaking in the first place. Almost as sagel
> :: https://agilebits.com/onepassword (1Password) is one solution to
> :: managing web site passwords.
>
> Only if you have an OS you have to pay for: apple or ms.
The 1password password store has a perfectly usable local-only HTML
app that lives in its data folder.
http://help.agile.ws/1Passwor
My biggest problem still is the multiple computer issue. I am on at least 3-5
physical computers and 1-20 virtual machines, and 2 cellphones a day. I
honestly do not want to store a database of passwords encrypted or not on an
open service.
As I have never had a virus or malware on any of m
A friend would print in block letters in the sig area of his credit
cards "ASK FOR PHOTO ID". He said that almost always cashiers et al
would give a cursory glance like they were checking his signature and
say thank you and hand him back his card.
Maybe someone mentioned this but merchant card co
- Original Message -
> From: "Barry Shein"
> A friend would print in block letters in the sig area of his credit
> cards "ASK FOR PHOTO ID". He said that almost always cashiers et al
> would give a cursory glance like they were checking his signature and
> say thank you and hand him back
On 06/09/12 15:43, Jay Ashworth wrote:
- Original Message -
From: "Barry Shein"
A friend would print in block letters in the sig area of his credit
cards "ASK FOR PHOTO ID". He said that almost always cashiers et al
would give a cursory glance like they were checking his signature and
sa
On Sat, Jun 9, 2012 at 10:52 AM, wrote:
> My biggest problem still is the multiple computer issue. I am on at least
> 3-5 physical computers and 1-20 virtual machines, and 2 cellphones a day.
> I honestly do not want to store a database of passwords encrypted or not
> on an open service.
>
Sec
On 6/9/12, Scott Howard wrote:
[snip]
> Security is all about trade-offs. In this case it's the trade-off between
> storing an excrypted password database on a 3rd party server, v's re-using
> passwords and having (potentially) weaker passwords as a result of not
[snip]
Yes. Using an encrypted
On 6/8/12 16:05 , Alec Muffett wrote:
>> Does anybody have a good URL explaining that idea? It's been
>> kicking around for many years. I've never seen a convincing
>> writeup.
>
> I've tried to do that in another mail - it's in the realms of
> philosophy more than strategy; like if you're a rea
On 6/10/12, Joel jaeggli wrote:
> How good does a password/phrase have to be in order to protect
> against brute-force or dictionary attacks against the password itself?
> ? Entropy in language.
> A typical english sentence has 1.2 bits of entropy per character,
> you need 107 characters
> - Original Message -
> > From: "Barry Shein"
>
> > A friend would print in block letters in the sig area of his credit
> > cards "ASK FOR PHOTO ID". He said that almost always cashiers et al
> > would give a cursory glance like they were checking his signature and
> > say thank you and
On Sun, 10 Jun 2012, Joe Greco wrote:
One of the design goals of the V/MC system is that a cardholder is not
supposed to need anything other than their card and the ability to sign.
This seems to be different across the world. Here in Sweden, they don't
really look at your signature on the ca
On 6/10/12 00:25 , John Souvestre wrote:
> On 6/10/12, Joel jaeggli wrote:
>
>> How good does a password/phrase have to be in order to protect
>> against brute-force or dictionary attacks against the password
>> itself? ? Entropy in language. A typical english sentence has 1.2
>> bits of entropy
On Sun, 10 Jun 2012 08:24:41 -0700, Joel jaeggli said:
> > I don't disagree, except regarding dictionary attacks. If the attack
> > isn't random then math based on random events doesn't apply. In the
> > case of a purely dictionary attack if you choose a non-dictionary
> > word and you are 100.00
On 6/10/12, Joe Greco wrote:
[snip]
> That and a "minimum charge" are among the two most common merchant
> For MasterCard violations, report them!
In the US, Credit card processing networks were forbidden from
prohibiting merchants from establishing certain "minimum charges" to
use a CC, mercha
I was under the impression (I should dig out my contract) that
merchant contracts also forbid charging more for a charge than for
cash or conversely "discount for cash!" but I see so many violations
of that particularly at gas stations I wonder if that's negotiable in
the contract.
I remember my
A merchant can offer a cash discount.
--John
On 6/10/2012 11:16 AM, Barry Shein wrote:
I was under the impression (I should dig out my contract) that
merchant contracts also forbid charging more for a charge than for
cash or conversely "discount for cash!" but I see so many violations
of that
On 06/10/2012 11:22 AM, John T. Yocum wrote:
A merchant can offer a cash discount.
I believe that the law just recently changed on that account. I believe
that what Barry says was the old reality.
Mike
--John
On 6/10/2012 11:16 AM, Barry Shein wrote:
I was under the impression (I should d
> From nanog-bounces+bonomi=mail.r-bonomi@nanog.org Sun Jun 10 13:18:06
> 2012
> From: Barry Shein
> Date: Sun, 10 Jun 2012 14:16:10 -0400
> To: Mikael Abrahamsson
> Subject: Re: Dear Linkedin,
> Cc: NANOG , Joe Greco
>
>
> I was under the impression (I sh
- Original Message -
> From: "Robert Bonomi"
> Gas stations that offer a 'discount for cash' do not give that discount
> even for 'house brand' cards -- which do not have any fees that are
> payable to the issuer.
In fact, that's not true. Several chains, notably including Shell, have
a
> From nanog-bounces+bonomi=mail.r-bonomi@nanog.org Sun Jun 10 13:26:36
> 2012
> Date: Sun, 10 Jun 2012 11:25:35 -0700
> From: Michael Thomas
> To: "John T. Yocum"
> Subject: Re: Dear Linkedin,
> Cc: nanog@nanog.org
>
> On 06/10/2012 11:22 AM, John T.
The credit card companies should pull their heads out of their asses about this.
It is much better from an anti-fraud perspective for a stolen card not to
contain a specimen signature for the thief to learn to forge.
It is far preferable for the merchant to request ID and verify that the
signat
The agreements often prohibit minimums and cash discounts/card fees.
However, the Dodd-Frank act trumps the agreements as law > contract.
Owen
Sent from my iPad
On Jun 10, 2012, at 11:16 AM, Barry Shein wrote:
>
> I was under the impression (I should dig out my contract) that
> merchant con
It is far preferable for the merchant to request ID and verify that the
signature matches the ID _AND_ the picture in the ID matches the
customer.
In the late 1990s I had a Visa card from (I think) Citibank that had my
picture embossed on the front of the card. I'm surprised this didn't
catc
> > That and a "minimum charge" are among the two most common merchant
> > violations I see.
> >
> > For MasterCard violations, report them!
> >
> > http://www.mastercard.us/support/merchant-violations.html
>
> Is that policy worldwide or just for the US?
http://www.mastercard.com/us/merchant/pdf
> The credit card companies should pull their heads out of their asses about t=
> his.
>
> It is much better from an anti-fraud perspective for a stolen card not to co=
> ntain a specimen signature for the thief to learn to forge.
>
> It is far preferable for the merchant to request ID and verify
On Sun, 10 Jun 2012, Lyndon Nerenberg wrote:
In the late 1990s I had a Visa card from (I think) Citibank that had my
picture embossed on the front of the card. I'm surprised this didn't catch
on with more card issuers. I see that Bank of America offers this free of
charge to their Visa clien
On Sun, 10 Jun 2012 12:29:46 -0700, Owen DeLong said:
> It is far preferable for the merchant to request ID and verify that the
> signature matches the ID _AND_ the picture in the ID matches the customer.
Maybe from the anti-fraud standpoint, but not necessarily from the merchant's
viewpoint.
It
A few years ago I had a checkbook stolen. The genius bank branch
decided it was sufficient to just print new checks starting at a much
higher number and "put it in the system" rather than cancel the
account number. I protested but hey so long as they were responsible
for any fraud*.
Then thousand
On Sun, Jun 10, 2012 at 04:34:55PM -0400, valdis.kletni...@vt.edu wrote:
> On Sun, 10 Jun 2012 12:29:46 -0700, Owen DeLong said:
> > It is far preferable for the merchant to request ID and verify that the
> > signature matches the ID _AND_ the picture in the ID matches the customer.
>
> Maybe from
On Jun 10, 2012, at 12:25 PM, Joe Greco wrote:
>> The credit card companies should pull their heads out of their asses about t=
>> his.
>>
>> It is much better from an anti-fraud perspective for a stolen card not to co=
>> ntain a specimen signature for the thief to learn to forge.
>>
>> It is
In such a circumstance I use the following:
"Close this account. Either send me a check for the remaining balance or
deposit into my newly created account at your institution. Whichever you
prefer."
Owen
On Jun 10, 2012, at 2:45 PM, Barry Shein wrote:
>
> A few years ago I had a checkbook stol
On Jun 10, 2012, at 3:06 PM, Brett Frankenberger wrote:
> On Sun, Jun 10, 2012 at 04:34:55PM -0400, valdis.kletni...@vt.edu wrote:
>> On Sun, 10 Jun 2012 12:29:46 -0700, Owen DeLong said:
>>> It is far preferable for the merchant to request ID and verify that the
>>> signature matches the ID _AND
- Original Message -
> From: "Brett Frankenberger"
> But the same reasoning still applies. The card issuers don't want you
> have to show ID, becuase you might decide it's too much trouble, and
> just use some other method to pay.
Except for Amex, who have always *stringently* required t
On Sun, Jun 10, 2012 at 03:47:20PM -0700, Owen DeLong wrote:
>
> On Jun 10, 2012, at 3:06 PM, Brett Frankenberger wrote:
> >
> > Eliminating fraud isn't an objective of card issuers. Making money is.
> > Fraud reduction is only done when the savings from the reduced fraud
> > exceeds both the co
Don't know if someone already posted this but there forcing people the reset
there passwords, but it let's you reset it to the same password as before...
How many people are going to use the same pass? I'd say a good portion,
LinkedIn needs some new isec employees
On Jun 10, 2012, at 6:11 PM,
> > Eliminating fraud isn't an objective of card issuers. Making money is.
> > Fraud reduction is only done when the savings from the reduced fraud
> > exceeds both the cost of the fraud preventing measure and any revenue
> > that is lost because of inconveniencing customers.
>
> Right, bu
- Original Message -
> From: "Barry Shein"
> This applies just as well to fraud-prevention measures, a cost is a
> cost is a cost, your perceived morality of the cost makes no
> difference, money is fungible! Which means, money doesn't care! You'd
> have to make up the cost of all that fr
On June 10, 2012 at 19:47 apishd...@gmail.com (Ameen Pishdadi) wrote:
>Don't know if someone already posted this but there forcing people
>the reset there passwords, but it let's you reset it to the same
>password as before... How many people are going to use the same pass?
>I'd say a good portion
The Cambridge University Computer Lab has had a crack at this question
in their Technical Report 817 on Web authentication:
http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.html
Their conclusion is to use the Mozilla password manager (or close
analogue, but they like it because it's open sou
>From someone who supplies an out-of-country drivers license, I'd request to
>see their passport. From someone who supplies an out-of-state drivers
>license, I'd probably accept it, but the risks there are somewhat reduced at
>least.
OK, someone shows you a Quebec driver's license. You ask for a
On Jun 11, 2012, at 2:35 PM, John Levine wrote:
> OK, someone shows you a Quebec driver's license. You ask for a
> passport, she says, I don't have one, and points at the blue word Plus
> after the words Permis de Conduire at the top of the license. Now
> what?
Banks and most retailers actuall
- Original Message -
> From: "John Levine"
> Although banks have different tradeoffs in risk management than you
> might like, they're not dumb. I expect they figured that the increased
> volume from not slowing down transactions and demanding more than makes
> up for whatever the increas
Sent from my iPad
On Jun 11, 2012, at 11:35 AM, "John Levine" wrote:
>> From someone who supplies an out-of-country drivers license, I'd request to
>> see their passport. From someone who supplies an out-of-state drivers
>> license, I'd probably accept it, but the risks there are somewhat redu
On 2012-06-11 15:05, Owen DeLong wrote:
OK, someone shows you a Quebec driver's license. You ask for a
passport, she says, I don't have one, and points at the blue word Plus
after the words Permis de Conduire at the top of the license. Now
what?
To the best of my knowledge, ICE stopped accept
On 12-06-11 03:14 PM, Simon Perreault wrote:
On 2012-06-11 15:05, Owen DeLong wrote:
OK, someone shows you a Quebec driver's license. You ask for a
passport, she says, I don't have one, and points at the blue word Plus
after the words Permis de Conduire at the top of the license. Now
what?
T
On 11-Jun-12 14:05, Owen DeLong wrote:
> On Jun 11, 2012, at 11:35 AM, "John Levine" wrote:
>> OK, someone shows you a Quebec driver's license. You ask for a passport,
>> she says, I don't have one, and points at the blue word Plus after the words
>> Permis de Conduire at the top of the license
On Jun 11, 2012, at 3:14 PM, Simon Perreault wrote:
> On 2012-06-11 15:05, Owen DeLong wrote:
>>> OK, someone shows you a Quebec driver's license. You ask for a
>>> passport, she says, I don't have one, and points at the blue word Plus
>>> after the words Permis de Conduire at the top of the lice
--- g...@teksavvy.ca wrote:
From: Gabriel Blanchard
How the heck did this conversation go from Linkedin to a Quebec drivers
license? I'm not sure how relevant this is to NANOG. Both subject matters that
is.
--
New to nanog, eh? ;-)
scott
On 11/06/12 12:38 AM, Alexander Harrowell wrote:
A question: password managers are obviously a great idea, and password
manager + synchronisation takes care of multiple devices.
Go ahead and use one of these password managers and load it with all
your passwords. Then load it's smartphone app
On Fri, Jun 08, 2012 at 01:30:42PM -0700, Michael Thomas wrote:
> PS: when security is hard, people simply don't do it.
I think this is exactly right.
The idea that we are going to train everyone on earth to keep eleventy
billion distinct passwords in their heads -- or in a "password safe"
that
KeePass, KeyPassDroid and Dropbox.
I'm sure it will just get simpler as time goes on.
My mom uses a key database just fine.
On Jun 8, 2012 4:49 PM, "Andrew Sullivan" wrote:
>
> On Fri, Jun 08, 2012 at 01:30:42PM -0700, Michael Thomas wrote:
> > PS: when security is hard, people simply don't do i
On Fri, Jun 08, 2012 at 05:00:14PM -0400, Tyler Haske wrote:
> KeePass, KeyPassDroid and Dropbox.
Yes, of course, I'll just upload all my passwords to a place totally
under the control of someone (well, actually, _two_ other ones) else,
and then pray that there never turns out to be a nasty attack
On 2012-06-08, at 2:07 PM, Andrew Sullivan wrote:
> I'm not trying to be dismissive. Those are excellent stopgap
> measures. They're not a solution.
There is no "solution." Security is about risk management, nothing more.
The only way to ensure your personal passwords are never compromised i
On Fri, Jun 8, 2012 at 2:00 PM, Tyler Haske wrote:
> KeePass, KeyPassDroid and Dropbox.
>
> I'm sure it will just get simpler as time goes on.
I second this! I deploy KeePass via MS GPO. No formal training on the
application for the end-users but we do one-on-one with end users when
we can. I hav
On Fri, Jun 08, 2012 at 12:48:38PM -0700, Michael Thomas wrote:
> Linkedin has a blog post that ends with this sage advice:
>
> * Make sure you update your password on LinkedIn (and any site that you
> visit on the Web) at least once every few months.
Um, no.
If the site in question has securi
> Yes, well, I'm being cynical ...
Yes, but are you being cynical enough?
--
> Is 14 months a excusable length of time for someone not to have
> changed their password after a break?
That cuts both ways. Who is changing the password, the good guys or the bad
guys?
--
These are m
Original Message -
> From: "Lyndon Nerenberg"
> The only way to ensure your personal passwords are never compromised
> is to kill yourself after destroying all physical copies of those
> passwords. While ultimately secure, you won't be able to do your daily
> online banking.
No, but on
- Original Message -
> From: "Michael Thomas"
> On 06/10/2012 11:22 AM, John T. Yocum wrote:
> > A merchant can offer a cash discount.
>
> I believe that the law just recently changed on that account. I
> believe that what Barry says was the old reality.
Perhaps, but Cash/Credit for gas
On 06/10/2012 11:33 AM, Jay Ashworth wrote:
- Original Message -
From: "Michael Thomas"
On 06/10/2012 11:22 AM, John T. Yocum wrote:
A merchant can offer a cash discount.
I believe that the law just recently changed on that account. I
believe that what Barry says was the old reality.
On 10-Jun-12 13:33, Jay Ashworth wrote:
> From: "Michael Thomas"
>> On 06/10/2012 11:22 AM, John T. Yocum wrote:
>>> A merchant can offer a cash discount.
>> I believe that the law just recently changed on that account. I
>> believe that what Barry says was the old reality.
> Perhaps, but Cash/Cre
> From nanog-bounces+bonomi=mail.r-bonomi@nanog.org Sun Jun 10 13:34:06
> 2012
> Date: Sun, 10 Jun 2012 14:33:03 -0400 (EDT)
> From: Jay Ashworth
> To: NANOG
> Subject: OT: Credit card policies (was Re: Dear Linkedin,)
>
> - Original Message -
> > Fr
On 10-Jun-12 14:01, Robert Bonomi wrote:
>> From: Jay Ashworth
>>
>> Even Further Off-Topic, isn't "debit" supposed to be "cash"? Why do
>> I pay the Credit price for it?
> It is, and *ISN'T*, 'cash'.
>
> Unlike cash (and like a credit card), it is simply an instruction to a third
> party to pa
On 6/10/12 12:23 , Stephen Sprunk wrote:
> On 10-Jun-12 14:01, Robert Bonomi wrote:
>>> From: Jay Ashworth
>
> All of the above is completely irrelevant to the merchant.
Given that the thread now spans nine conversations threads and at least
122 messages and is buried in the finer details of mer
1 - 100 of 102 matches
Mail list logo