On 2015-10-11 20:01, Anton Aylward wrote:
On 10/11/2015 01:00 PM, Carlos E. R. wrote:
On 2015-10-11 15:35, Anton Aylward wrote:
I asked earlier "how paranoid are you?" The corollary is "how paranoid do you need to be?"
I'm basically worried about nosy-parker types.
Could you be more specific?
That broad a category probably takes in everyone on this list and every other opensuse list as well! We wouldn't be here if we weren't curious and inquisitive.
I'm curious, yes, but I have never tried to get the password of another person, nor look at his email, even when I have access. I'm very careful of what I do with another person computer (or phone). Before opening certain areas, I look at the face of the other person for confirmation, for instance.
heck, when I sign in at some hotels and B&Bs I look at who else had registered, not because I expect to see anyone I might know, but just because. Same with all the badges on the table when I sign in at conferences and trade shows. I read notices and want ads, not that I expect to see anything I want or jobs I can do. Some people read obituaries. Some read reviews of books they are unlikely to read.
But that information is "open". Maybe "nosy-parker" doesn't mean what I thought - after all, English is not my first language ;-)
Looking at this thread and the troubles people have I conclude these things:
a) having passwords on your email accounts, no matter what tools you use to access those accounts, be it Thunderbird, a webmail interface or some other mail user agent, is perfectly reasonable. The accounts are "out there on the net"
b) having a password or other identification & authentication method to log into your computer and so restricting access to your personal settings is perfectly reasonable
Yes, but "b" does not protect access to data on the disk when the system is not running. I consider that any password stored in files should itself be protected by encryption, because passwords are always sensitive material. It may not stop a motivated targeted attack, but it does stop most of the mild attempts.
c) as with (a), having passwords on other web based applications that you access though your web browser is perfectly reasonable
d) for (a) and (c), making use of a password store that automatically (aka 'make the computer do the work') deals with identification and authentication is quite reasonable. Especially as it implements a "single sign-on".
Corollary to (d)
Some systems, some applications, integrate this. They are useful only so far as they work properly.
e) the master password system for Thunderbird doesn't work properly. Thunderbird, as well as Firefox, can remember individual account identification & authentication, but this "single sign-on" is already under (a).
It works, with some nuisance caveats. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)