On 08/14/2014 04:40 AM, Carlos E. R. wrote:
El 2014-08-12 a las 22:05 -0400, Anton Aylward escribió:
On 08/12/2014 09:23 PM, Carlos E. R. wrote:
I know some people that use the exact same 4 digit "password" on all the places, from credit card pin to google.
In one sense I can't say I blame them. I would at least use a different password for important sites, and another for non-important, non-money-involved sites.
The danger here is that if some bad guy gets the password list of a site with low security, he immediately will try those same passwords and matching user lists on other sites, important sites like, say, banks, and get access on a percent of users, because they know of this "one password for all" practice. And they hit gold, of course.
You know the risk. I know the risk. Quite probably the people I speak of know the risk. But it is RISK. They trade the "It won't happen to me" off against the frustration of the poor service and support they get and their technological ignorance. While the likes of Thee and Mee might not actually *be* techno-geeks, we can play one in emulation mode, so we know about password stores and tricks for remembering long pass<strike>words</strike>phrases. We may not be malicious hackers either, but that is also something we can play in emulation mode, as you illustrate above, and say to ourselves "Ah, right, I'd better not do that", because for the likes of Thee and Mee using a password manager and longer passwords is a reflex action.

http://www.cnet.com/news/to-stop-security-breaches-kill-the-username-and-pas...

Earlier in this thread, IIRC, someone mentioned a colleague who believed that shorter passwords were more secure. *Our* reaction was "how wrong-headed". But some people have the strangest beliefs. I won't say more lest someone complains to Henne again, but there's plenty of evidence to that end.

The trouble is that all too often, when we try to educate these people who indulge in what we consider to be high-risk activities and practices, they react as if we are criticizing their core being rather than something they do, and passionately defend their stance. It may be their choice of cell phone, tablet or computer, their clothing and body decoration, the music they listen to, the car they drive, how they educate their kids, the nation they live in or their justification for carrying more weapons than some serving militiamen. Or that other matter I'd better not speak of if I want Henne to allow me to continue posting.

That some people *do* survive such high-risk activities just makes them more obdurate. At that point it's not about risk any more, it's about ego.
When I'm actively engaged as a consultant I feel that I am duty bound to give my client his/her money's worth by making the risk and the cost of remediation or alternate practice quite clear. In many cases, and this thread is illustration one, the differential cost in behaviour is close to zero. Which is the point we are trying to make.

And the threat is increasing as more business and social activities move to the 'Net. That includes even trivial things like reserving books at the library. But I'm not going to get in a lather if, while attending the library in physical presence to collect a dead-leaves book, I encounter someone defending short passwords or using the same password for all the sites that are, in his judgement, "non-critical", like the library. I'd rather spend that time reading the book.

YMMV.

--
 /"\
 \ /  ASCII Ribbon Campaign
  X   Against HTML Mail
 / \

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org