On Mon, Oct 10, 2005 at 01:05:38AM +0200, nordi wrote:
Meanwhile, I doubt you believe the need for a password makes your ATM "harder" to use. You are confusing things: With an ATM you _do_ have the risk of someone standing in front of the ATM that is not trusted. As a result, passwords are necessary. With a PC at somebody's home you very often do not have
Carl Hartung wrote: the risk of local attacks.
The risk of people auto logging in can be desastrous. Not so much by hacking as it is by accident. I have found out the hard way that you can delete stuff in the wrong directory. The wife can turn the PC on or the kids, just to look and then by accident delete all of your ~/ and that will happen just before the backup and after spending 10 hours of work on something, or at the moment your backup is out of sync for several weeks.
E.g. many video recorders/TVs have _optional_ passwords that can be activated to prevent the kids messing with it. However, this password function is by default _de_activated (=auto login), since in most cases the there is no "attacker". Hence password protection is unnecessary and would make the video recorder/TV harder to use than necessary. Or how would you like to enter a password every time you switch on your TV? Password protected fridges, anyone? After all, these could get raided as well.
It is not the hacker I am afraid of. A real hacker with physical acess could enter your PC with just a little effort. It is the unintended acces I am talking about.
The same argument goes for your PC at home(which for many users is not more than a TV + telephone + gaming console): If there is no attacker, you do not need a defense!
Yes, I do. So it makes me aware of the fact that when I use a PC, I must use a key, wich then makes me aware that there is a reason for this, safety.
Yes, I think auto login is a nice *feature* Password protection is the feature, not auto login. You need lots of additional programs and infrastructure for password protection, auto login needs nothing. Think of MS DOS, did that have an auto login program? Maybe you should see auto login more as the removal of an _unnecessary_ feature...
You are not really taking MS DOS as an example of why not to use a password, are you. I won't even go into that, because that is way to easy.
but it should be a feature that requires a bit of knowledge forethought and effort to enable Auto login is aimed at the non-technical users, so making it hard to use makes it useless. Btw, a good distribution should _reduce_ the effort it takes to do things, not increase it. And maybe include a few warning signs for the unwary. But with auto login you do not need to be a computer expert to see the security implications.
And that last thing is excactly the point why a password needs to be entered. Now people do not see the security implication. They then also do not see the fact that it can be dangerous just to click on everything. I know people who do not do `wrong` things with their pc's, because they are logged in and therefore the sysadmin knows what is going on. While at the same time, DHCP can tell the sysadmin also ecactly what PC is doing what. For me it is all about resposability. A PC is not a TV or a fridge or any other household applience. If somebody does something to your PC, you might loose data, you might give Phishers your credit card account, you might endager other peoples PC,s by being an open relay, ... The only reason you could turn auto login on is because that way you get much less people asking how the can log in automagically. Explaing this will take about (Guessing here) 90 seconds with another 20 to log the call. I am not including registration. Now pick a number of calls per hour worldwide that this will generate and put those numbers in http://www.erlang.com/calculator/call/ You will see that that amounts to a number of agents, wich can be translated to money. houghi -- Quote correct (NL) http://www.briachons.org/art/quote/ Zitiere richtig (DE) http://www.afaik.de/usenet/faq/zitieren Quote correctly (EN) http://www.netmeister.org/news/learn2quote.html