Subj : Re: Betterbird..
To   : Ogg
From : Boraxman
Date : Tue Apr 26 2022 06:09 pm

-=> Ogg wrote to Boraxman <=-

Og> @MSGID: <[email protected]>
Og> @REPLY: <[email protected]>
Og> Hello Boraxman!

Og> ** On Monday 25.04.22 - 09:47, Boraxman wrote to Ogg:

>> Or... the two of you could agree on using exactly the same
>> book, and use something like this:
>>
>> passphrase = ourbook(the first 3 words on page 100, row 10)

>> --
B> A workable idea, definately.

Og> Two people can even establish a "phrase" based on a favourite
Og> "anything" (a food item, wine, tech toy, book, etc..) ..and
Og> simply pre-establish that you will use the first or last 5-
Og> digits of the product code (or in the case of a book, part of
Og> the isbn number.)

Og> I get totally frustrated when some people send me eTransfers
Og> and they put the answer to the passphrase right in the message
Og> box (even when the system expressly reminds the user NOT to do
Og> that.)

Og> Or, they use something really simple like "the town you live
Og> in".  Anyone who knows me would know the answer to that.

Og> It's a sad commentary that some people just don't appreciate
Og> the relevance of keeping things like passphrases and passwords
Og> private.

High trust in some cases.  I did admin work, and people had no issue leaving me
passwords.  This was a while ago, and sometimes they wanted me to help them
with their home computer, again, they just left me with the passwords.

The post-it notes with passwords were always a headache.


B> Another simple option, if you're just looking for the "keep
B> prying eyes who might steal my laptop/gain my password"
B> people out is to send the password in an SMS.

Og> SMS is totally in the clear, and probably all logged - forever.


B> Not as secure,especially if your phone is stolen, but if
B> you delete the message, it should protect you from 99% of
B> the cases where you will need encryption.

Og> Deleting an SMS on your phone, maybe. But all those messages
Og> are accessible to the people who work in the phone industry.

The level of security you need, is based on the threat.  SMS's are in the
clear, but it would take a lot of work to match an SMS with with an account,
particularly if you say by e-mail you'll send the password by SMS, and send the
password by SMS alone, without any other information.

Someone could attack, but for the most part, if your laptop is stolen for
example, your safe, or any other compromise of your computer/e-mail.

Not ideal, but far better than sending it in the same email.

--- MultiMail/Linux v0.52
� Synchronet � MS & RD BBs - bbs.mozysswamp.org

You are viewing proxied material from bbs.kd3.us. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.