On Sun, Jun 19, 2011 at 11:23:12AM -0400, Cristian Rodr?guez wrote:
El 19/06/11 07:43, Stefan Seyfried escribió:
Sorry, but this is bullshit.
Yep, pretty much, Im not buying this argument at all.
The user password has not that much to do with security.
In short for "local security" the user password matters a royal damn.
If you do not encrypt the hard-disk, add bootloader passsword, and keep the computer in a safe location, the battle, is lost. RIP.
For remote auth, you must use ssh keys or similar, otherwise you are at the mercy of bruteforce attacks, that one is another lost battle btw.
It's not all about airtight security: It's there to let people know that
you do not want them to access your computer. For home use, think of a
locked drawer: Of course your family members may be able to get a lockpick
and unlock the drawer or use a crowbar to force it open - but in an intact
family that is not what will happen. So defaulting the install to ask for
a password is the right thing to do, although it is a weak security measure
it is a perfecly valid "social protection".
Ciao
Joerg
--
Joerg Mayer