<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;">
<div>-1 and -1 on those statements. We should do better, but I understand(kind of) if the larger group decides otherwise. Larger services (google etc) do put more effort into security and we hear about them more because they are required to notify the world
when data loss occurs, but when they do loose password databases now they are multi salted hashes which are even useless to statistical analysis to understand population password trends. That and they do multi identification, like locking to known user devices
and sms second channel authentication.</div>
<div><br>
</div>
<div>I dislike the first statement and disagree with the second.</div>
<div><br>
</div>
<div>C.</div>
<div><br>
</div>
<span id="OLK_SRC_BODY_SECTION">
<div style="font-family:Calibri; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<span style="font-weight:bold">From: </span>Tom Burns <<a href="mailto:tom.i.burns@gmail.com">tom.i.burns@gmail.com</a>><br>
<span style="font-weight:bold">Date: </span>Tuesday, November 10, 2015 at 6:40 PM<br>
<span style="font-weight:bold">To: </span>Darcy Whyte <<a href="mailto:darcy@inventorartist.com">darcy@inventorartist.com</a>><br>
<span style="font-weight:bold">Cc: </span>Chris de Groot <<a href="mailto:cdegroot@adobe.com">cdegroot@adobe.com</a>>, lab <<a href="mailto:lab@artengine.ca">lab@artengine.ca</a>>, Jean-Marc LeBlanc <<a href="mailto:jeanmarc.leblanc@gmail.com">jeanmarc.leblanc@gmail.com</a>><br>
<span style="font-weight:bold">Subject: </span>Re: [Lab] Plain text password<br>
</div>
<div><br>
</div>
<div>
<div>Yea, don't change anything please <span></span>. Hosted services get cracked all the time and are bigger targets to begin with.
<div><br>
<br>
On Tuesday, 10 November 2015, Darcy Whyte <<a href="mailto:darcy@inventorartist.com">darcy@inventorartist.com</a>> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Yeah, the makerfaire was great...
<div><br>
</div>
<div>The list is working great too .:)</div>
<div><br>
</div>
<div>Is secure enough just don't put your bank password or other important password in it..</div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div>
<div dir="ltr"><br>
<div>
<div><br>
</div>
<div>
<div>--</div>
<div>Darcy Whyte</div>
<div><br>
</div>
<div>Art+ <a href="http://inventorartist.com/" target="_blank">inventorArtist.com</a> | Aviation <a href="http://rubber-power.com/" target="_blank">rubber-power.com</a></div>
<div>Contact: <a href="javascript:_e(%7B%7D,'cvml','darcy@inventorArtist.com');" target="_blank">darcy@inventorArtist.com</a> | 613-563-3634 by appointment (no text)</div>
</div>
</div>
<div><br>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">On Tue, Nov 10, 2015 at 1:00 PM, Chris de Groot <span dir="ltr">
<<a href="javascript:_e(%7B%7D,'cvml','cdegroot@adobe.com');" target="_blank">cdegroot@adobe.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Good personal password management is good and important. I think we need<br>
to stop managing our own mail lists. We are makers and should focus on<br>
making fun stuff (great faire over the weekend BTW). Lets outsource this<br>
to a service that does the security and day to day updates for us.<br>
<span><font color="#888888"><br>
C.<br>
</font></span>
<div>
<div><br>
On 11/10/15, 12:35 PM, "Justin Hornosty" <<a href="javascript:_e(%7B%7D,'cvml','jjrh70@gmail.com');" target="_blank">jjrh70@gmail.com</a>> wrote:<br>
<br>
><br>
>Chris de Groot writes:<br>
><br>
>> My recommendation is we must figure out a way to secure the<br>
>> passwords. It's cool and stuff to run the service, but it is too much<br>
>> of a danger as it stands today, we must assume it will get stolen and<br>
>> that not everyone will read the notes on how to select a password for<br>
>> the mail list. I think it would be valid to consider a hosted<br>
>> community service that takes away all these responsibilities from the<br>
>> folk who provide enough time to keep it running, but maybe not enough<br>
>> time to keep it safe. Google groups maybe an option.<br>
><br>
>Someone else had said that the fix is easy - you update the mailman.<br>
><br>
><a href="http://wiki.list.org/DOC/How%20do%20I%20turn%20off%20passwords%20completel" rel="noreferrer" target="_blank">http://wiki.list.org/DOC/How%20do%20I%20turn%20off%20passwords%20completel</a><br>
>y%3F<br>
><br>
>I personally use: <a href="http://www.passwordstore.org/" rel="noreferrer" target="_blank">
http://www.passwordstore.org/</a> and pwgen<br>
><a href="http://linux.die.net/man/1/pwgen" rel="noreferrer" target="_blank">http://linux.die.net/man/1/pwgen</a> (I think pass has this built in<br>
>actually) to manage passwords for various websites.<br>
><br>
>There are other ones out there, but 'pass' has the advantage of running<br>
>in the command line and uses standard GPG encryption.<br>
><br>
>-jjrh<br>
<br>
_______________________________________________<br>
Lab mailing list<br>
1. subscribe <a href="http://artengine.ca/mailman/listinfo/lab" rel="noreferrer" target="_blank">
http://artengine.ca/mailman/listinfo/lab</a><br>
2. then email <a href="javascript:_e(%7B%7D,'cvml','Lab@artengine.ca');" target="_blank">
Lab@artengine.ca</a> to send your message to the list<br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
</div>
</div>
</div>
</span>
</body>
</html>