On Sat, 25 Jul 2015 11:43:47 -0400 Anton Aylward <opensuse@antonaylward.com> wrote:
http://www.geek.com/apps/google-compares-security-experts-to-the-rest-of-us-...
Yes I use a unique password generator and I get VERY ANNOYED at sites that a) don't differentiate between UC and LC, b) don't permit non-alpha characters, especially spaces, c) won't let me use passwords longer than 15 characters or truncate them down to 8 characters.
Yes I have a password manager.
Yes I update daily.
Sadly few sites, not least of all my banks, use two-factor authentication. The best of them use what amounts to a 'double password' scheme.
What websites other than Google use two-factor authentication?
All that being said ....
While I update the apps on my phone and tablet, there seems to be no updates to the kernel/os other than buying a new phone or rooting it and installing a 3rd party ROM - which may lack functionality or have other problems.
Let's not even think about updates to the cars and other IoT things! If we do we might get very, very frightened.
Your mention of the subject starts to make me frightened.
Reading through the paper, I noticed that using HTTPS is considered an advisable security strategy. While I don't doubt that sending passwords via SSL is more secure than sending them as unencrypted plain text, I sometimes question the security of SSL. My understanding of the protocol is that a server sends its certificate to the client unencrypted to initiate the connection. If this is right, then an SSL certificate can be intercepted, and the encrypted internet traffic can be decrypted.

I would have ranked "be suspicious of everything" as most important on that survey.

As a newcomer to this mailing list, I apologize for any of its conventions that I may have ignored.