-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tero Pesonen wrote:
On Saturday 29 November 2008, Rajko M. wrote:
For private use I tend to prefer password, entry plus blocks on external firewall as I have very little call for external ssh access at the moment. On the very rare occasions I think I will need it (once in the last 12 months or so), I set up the port to be opened at external firewall at a fixed time for a fixed time. (The key is in your head, and if you loose that you have other things to worry about :-) ). Sure, under some circumstances :-D Under normal conditions, it is not so hard to trick yourself and forget easy to remember password. I did that few times creating passwords for others. Luckily I know more than one way to recover from that kind of problem, otherwise it would be real embarrassment.
For less often used passwords, or for those that are of high quality and thus difficult to remember unless used often, such as "LnhU34p3Olxm7yXKtns92", and the like, I recommend a password "safe" -- a plain ASCII text file where they are written. Encrypt it symmetrically (or asymmetrically if you need not access it anywhere where you might not have your private key at hand) with GPG with a very good password that you have learnt well, and put the file somewhere where you can find it when needed, such as your FTP site, your online backup service, CD, USB stick... wherever necessary so you will not lose it.
And when someone comes to you asking "what that password was again", you can look it up in that file -- or use it when you forget one of your own passwords.
This approach also allows you to regenerate those password regularly, which you are less likely to do if you absolutely have to remember them all.
A similar file is handy for all those login username / password pairs you need for every possible site these days. When I need to login to site X, I just write "gpg -d ~/pwsafe.gpg" and copy-paste.
Regards, Tero Pesonen
This I need to look into, what with local MySQL accounts, subversion authentication, rsync authentication, funambol authentication, Tomcat authentication, apache authentication and CMS authentication locally (and I am sure I will have forgotten something in that list:-) ), the only thing integrated to any extent is Samba/PAM/email. It would be nice to just login and use the stuff *sigh* - -- ============================================================================== I have always wished that my computer would be as easy to use as my telephone. My wish has come true. I no longer know how to use my telephone. Bjarne Stroustrup ============================================================================== -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iEYEARECAAYFAkkyeMAACgkQasN0sSnLmgLOwwCgnsU5fGSLDIDZl+7ZbmR+rAGU H14AnRb2eUDkncEicHWGxccfZtm1ECt9 =ttbT -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org