On 10/11/2015 01:00 PM, Carlos E. R. wrote:
On 2015-10-11 15:35, Anton Aylward wrote:
I asked earlier "how paranoid are you?" The corollary is "how paranoid do you need to be?"
I'm basically worried about nosy-parker types.
Could you be more specific? That broad a category probably takes in everyone on this list and every other opensuse list as well! We wouldn't be here if we weren't curious and inquisitive. heck, when I sign in at some hotels and B&Bs I look at who else had registered, not because I expect to see anyone I might know, but just because. Same with all the badges on the table when I sign in at conferences and trade shows. I read notices and want ads, not that I expect to see anything I want or jobs I can do. Some people read obituaries. Some read reviews of books they are unlikely to read. Some people "window shop' or even look in the stores at goods they are unlikely to buy and couldn't afford anyway (think fast, red cars). But suppose you turn your machine off or log out or have a password protected screen saver when you walk away from the machine, so the casual passer by can't see what's there. The kind of person that would make off with your hard drive, crack your password to log in, or hack through your firewall and -- somehow despite closed ports -- into your desktop machine, targeting you in particular, is clearly a different person. You are being targeted. There is some object to all that effort, not just a passer-by type "nosy-parker". I can turn off my machine (etc, etc) as a defence against "nosy-parker" types. But if someone has deliberate intent, they are willing to go to extreme, "non-casual" lengths to obtain my email and or email passwords, that is something else. that requires a more "paranoid" attitude. Some security professionals say about themselves "I'm paid to be paranoid". These are the people that assume they or their employers are being targeted, and looking at the reports in the media they are justified in going to extreme lengths. Looking at this thread and the troubles people have I conclude these things: a) having passwords on your email accounts, no matter what tools you use to access those accounts, be it Thunderbird, a webmail interface or some other mail user agent, is perfectly reasonable. The accounts are "out there on the net" b) having a password or other identification & authentication method to log into your computer and so restricting access to your personal settings is perfectly reasonable c) as with (a), having passwords on other web based applications that you access though your web browser is perfectly reasonable d) for (a) and (c), making use of a password store that automatically (aka 'make the computer do the work') deals with identification and authentication is quite reasonable. Especially as it implements a "single sign-on". Corollary to (d) Some systems, some applications, integrate this. They are useful only so far as they work properly. e) the master password system for Thunderbird doesn't work properly. Thunderbird, as well as Firefox, can remember individual account identification & authentication, but this "single sign-on" is already under (a). If every application I used demanded authentication over and over again I'd get very frustrated. Part of the appeal of tablet/phone systems is that they do the "single sign-on" very well. Late models do biometrics well Lets not pretend that that stealing the storage (be it your hard drive or your phone/tablet) won't give the criminal perpetrator your information! On my tablet I use AquaMail and recommend it! YMMV. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org