On Mon, Oct 10, 2005 at 01:05:38AM +0200, nordi wrote:
Meanwhile, I doubt you believe the need for a password makes your ATM "harder" to use. You are confusing things: With an ATM you _do_ have the risk of someone standing in front of the ATM that is not trusted. As a result, passwords are necessary. With a PC at somebody's home you very often do not have
Carl Hartung wrote: the risk of local attacks.
And with a computer someone could sniff your passwords for things like your bank account....
E.g. many video recorders/TVs have _optional_ passwords that can be activated to prevent the kids messing with it. However, this password function is by default _de_activated (=auto login), since in most cases the there is no "attacker". Hence password protection is unnecessary and would make the video recorder/TV harder to use than necessary. Or how would you like to enter a password every time you switch on your TV? Password protected fridges, anyone? After all, these could get raided as well.
You seem to live in Germany, meaning you probably haven't ever had someone rack up your cable bill, mainly because there isn't one, but in America you pay for watching things on TV and it's VERY SIMPLE to rack up the amount of money they have to pay each month to the cable company and ordering movies which costs A LOT extra.
The same argument goes for your PC at home(which for many users is not more than a TV + telephone + gaming console): If there is no attacker, you do not need a defense!
Ummm, you don't need to be sitting at a computer to get to it. Remote attacks have existed longer than the standing near you ones have.
Yes, I think auto login is a nice *feature* Password protection is the feature, not auto login. You need lots of additional programs and infrastructure for password protection, auto login needs nothing. Think of MS DOS, did that have an auto login program? Maybe you should see auto login more as the removal of an _unnecessary_ feature...
No, MS-DOS didn't have auto log in programs, it was single user single tasking, there is a difference.
but it should be a feature that requires a bit of knowledge forethought and effort to enable Auto login is aimed at the non-technical users, so making it hard to use makes it useless. Btw, a good distribution should _reduce_ the effort it takes to do things, not increase it. And maybe include a few warning signs for the unwary. But with auto login you do not need to be a computer expert to see the security implications.
Regards nordi
--------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-unsubscribe@opensuse.org For additional commands, e-mail: opensuse-help@opensuse.org