Paul Sutton wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Henry Bremridge wrote:
>
>> http://news.bbc.co.uk/1/hi/technology/8153122.stm
>>
>> In short:
>>
>> - Either an employee or Twitter as a policy matter put their financial
>> projections etc on google docs. A user with access to these figures
>> had a bad password for their web email
>>
>> - The users personal email was hacked by guessing the password, and
>> access obtained to the google docs website
>>
>> Extract from the BBC article
>>
>> The hacker has claimed to have wanted to teach people to be more careful
>> and in a message to the French blog Korben, wrote that his attack could
>> make internet users "conscious that no one is protected on the net."
>>
>> "The security breach exploited "an easy-to-guess password and recovery
>> question, which is one of the simplest ways to make a username and
>> password combination really insecure," said Phil Wainewright of
>> ZDNet.com
>>
>> "Unfortunately, users won't wise up until the cloud providers force them
>> to."
>>
>> In a study last year the security firm Sophos found that 40% of internet
>> users use the same password for every website they access.
>>
>
> If I register with 10 sites, all of which require a password do you
> expect me to remember 10 passwords which are ideally meant to be a
> combination of 8 or more upper / lower case letters and numbers.
>
> I think a lot of people find this hard, until a system is devised where
> one can use some sort of secure password, that can be universal, open
> id, sort of thing perhaps. Then this problem will persist, it's easier
> to remember dictionary words.
>
> either that or people simply write their password down on a note pad and
> keep it near the computer, far easier than remembering a password as
> described above.
>
> I think the whole authentication system needs looking at, rather than
> expecting users to change their habits.
>
> Paul
>

try this little trick

password = aaaa1111
site - website.com

aaaa1111ebsitecom or websitecoaaa1111 or similar - just remember what youfo

You must remember however that not everyone encrypts passwords in the
database, so once one db is cracked the game's up...

I agree the whole authentication needs looking at - trouble is it always
seems to end with IDCards!

GPG authentication anyone....

Tom te tom te tom

>
> - --
> Paul Sutton
> www.zleap.net
> Support Open and ISO standard file formats ISO 26300 odf
> http://www.odfalliance.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkpe9LgACgkQaggq1k2FJq0uNQCfVHcCqRgz65O7o7bVogU2lEBj
> QHoAoImdiCtd/LcWwXcIHf/8FXDDBBZl
> =aFzH
> -----END PGP SIGNATURE-----
>

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html
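
An added example, not part of the thread or written by any of its posters: it puts the reply's base-plus-site-name trick next to a keyed derivation (PBKDF2, a technique swapped in here and not proposed in the thread) to show the caveat the reply raises about a site that stores passwords unencrypted. The function names, the exact concatenation rule (site name with dots removed, appended to the base) and the iteration count are assumptions made for illustration.

```python
import base64
import hashlib
from typing import Optional


def concat_password(base: str, site: str) -> str:
    """Assumed form of the thread's trick: base + site name without dots."""
    return base + site.replace(".", "")


def reusable_part(stored_plaintext: str, site: str) -> Optional[str]:
    """What remains readable in a password a site stored unencrypted.

    If the site name is visibly appended, everything before it is the
    part the user shares with every other site.
    """
    suffix = site.replace(".", "")
    if suffix and stored_plaintext.endswith(suffix):
        return stored_plaintext[: -len(suffix)]
    return None


def derived_password(master: str, site: str, length: int = 16) -> str:
    """Per-site password derived with PBKDF2-HMAC-SHA256.

    The site name acts as the salt, so each site gets an unrelated
    string and the master secret never appears in any of them.
    The iteration count is an assumed value; raise it as hardware allows.
    """
    key = hashlib.pbkdf2_hmac(
        "sha256", master.encode(), site.lower().encode(), 200_000, dklen=32
    )
    return base64.urlsafe_b64encode(key).decode()[:length]


if __name__ == "__main__":
    base, site = "aaaa1111", "website.com"  # values quoted from the reply

    simple = concat_password(base, site)
    print("concatenated:", simple)
    print("shared part visible in a plaintext store:", reusable_part(simple, site))

    strong = derived_password(base, site)
    print("derived:", strong)
    print("shared part visible in a plaintext store:", reusable_part(strong, site))
```

A derived password that leaks still allows offline guessing of the master secret, slowed only by the iteration count, so the master itself has to be long and not a dictionary word.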