[conspire] CABAL meeting tomorrow (also, webmail security discussed here)

Rich Bodo richbodo at gmail.com
Fri Sep 11 14:44:26 PDT 2009


I have been thinking about this recently as well.

> Bank B asks, for its Mastercard account, "Where was your mother born?"
> I type in "Ganymede" -- and store _that_ in the Bank B entry in my PDA.

I use a password database (password gorilla) and I have it generate a
complex password for both the password fields and the answer to
"password question" type fields.
That's a little cumbersome as I sometimes end up with lots of
passwords for one account, and sometimes have to make notes as well,
as to what kind of question it will ask, etc.

> Also, it's really a huge improvement to general security, in my opinion,
> for me to _not_ ever access that password database on any
> general-purpose computer, and instead only on my PDA.  It's much, much
> easier to protect that data against security compromise.

Interesting.  I have a different strategy.  I don't think it's the
height of security, but it allows me to focus on getting only a couple
things right.  Really, I'm not totally happy with it so this thread
might inspire some ideas.

I just make sure my password database always gets used, so I put the
db on a USB keychain, along with the binaries for linux/win/mac.  That
way, I can plug into any computer, and access my password database.  I
also back it and the binaries up to online storage.   My backup
software (jungledisk) syncs hourly, and grabs it off my usb key or
elsewhere if my password db is there and it's updated.  I'll take a
risk and put copies temporarily onto other computers if I absolutely
need to.

But my policy just burns down to two things:

1) always use an encrypted password database to generate or access passwords
2) go through and change my passwords fairly frequently, usually
coinciding with bouts of paranoia after having opened my db on a
strange computer.

The one feature that I think makes this faster than any other method I
have tried is the "copy to clipboard" feature of password gorilla.
I'm almost always in a mixed graphical/text environment these days,
and I haven't had to type or memorize a password in a long time.

-Rich

http://rbodo.blogspot.com
http://www.linkedin.com/in/complete

Skype: richbodo
irc: irc.freenode.net, rich
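The practice Rich describes above (generating a random string for "security question" fields and keeping a note of how the site phrases the question so the right answer can be found later) can be shown in a few lines of code. This is an added example, not code from the post, the list, or Password Gorilla; the site name, question text, alphabet and 80-bit target are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Alphabet for generated answers. Punctuation is left out on the assumption that
# many sites reject it in "security question" fields; this is a constructed choice.
ALPHABET = string.ascii_letters + string.digits


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random string of `length` symbols from the alphabet."""
    return length * math.log2(alphabet_size)


def generate_answer(bits=80):
    """Return a random string carrying at least `bits` bits of entropy.

    Uses the `secrets` module (CSPRNG), not `random`, so the answer is not
    predictable from earlier outputs.
    """
    length = math.ceil(bits / math.log2(len(ALPHABET)))
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def new_entry(site, question, bits=80):
    """A password-manager style record: the site, the question exactly as the
    site phrases it (the note Rich mentions keeping), and a random answer."""
    return {"site": site, "question": question, "answer": generate_answer(bits)}


def lookup_answer(entries, site, question_fragment):
    """Find the stored answer for `site` whose question contains the fragment
    (case-insensitive); returns None if no entry matches."""
    for entry in entries:
        if entry["site"] == site and question_fragment.lower() in entry["question"].lower():
            return entry["answer"]
    return None


if __name__ == "__main__":
    # Constructed sample: one bank, one question, one generated answer.
    db = [new_entry("Bank B", "Where was your mother born?")]
    answer = lookup_answer(db, "Bank B", "mother born")
    print(f"answer={answer} entropy={entropy_bits(len(answer)):.1f} bits")
```

The entry record stays in the (encrypted) password database; the point of storing the question text alongside the answer is that a random answer is only useful if you can tell which question it belongs to.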