[Lab] Plain text password

Chris de Groot cdegroot at adobe.com
Tue Nov 10 18:01:57 EST 2015


-1 and -1 on those statements. We should do better, but I understand(kind of) if the larger group decides otherwise. Larger services (google etc) do put more effort into security and we hear about them more because they are required to notify the world when data loss occurs, but when they do loose password databases now they are multi salted hashes which are even useless to statistical analysis to understand population password trends. That and they do multi identification, like locking to known user devices and sms second channel authentication.

I dislike the first statement and disagree with the second.

C.

From: Tom Burns <tom.i.burns at gmail.com<mailto:tom.i.burns at gmail.com>>
Date: Tuesday, November 10, 2015 at 6:40 PM
To: Darcy Whyte <darcy at inventorartist.com<mailto:darcy at inventorartist.com>>
Cc: Chris de Groot <cdegroot at adobe.com<mailto:cdegroot at adobe.com>>, lab <lab at artengine.ca<mailto:lab at artengine.ca>>, Jean-Marc LeBlanc <jeanmarc.leblanc at gmail.com<mailto:jeanmarc.leblanc at gmail.com>>
Subject: Re: [Lab] Plain text password

Yea, don't change anything please .  Hosted services get cracked all the time and are bigger targets to begin with.


On Tuesday, 10 November 2015, Darcy Whyte <darcy at inventorartist.com<mailto:darcy at inventorartist.com>> wrote:
Yeah, the makerfaire was great...

The list is working great too .:)

Is secure enough just don't put your bank password or other important password in it..



--
Darcy Whyte

Art+ inventorArtist.com<http://inventorartist.com/> | Aviation rubber-power.com<http://rubber-power.com/>
Contact: darcy at inventorArtist.com<javascript:_e(%7B%7D,'cvml','darcy at inventorArtist.com');> | 613-563-3634 by appointment (no text)


On Tue, Nov 10, 2015 at 1:00 PM, Chris de Groot <cdegroot at adobe.com<javascript:_e(%7B%7D,'cvml','cdegroot at adobe.com');>> wrote:
Good personal password management is good and important. I think we need
to stop managing our own mail lists. We are makers and should focus on
making fun stuff (great faire over the weekend BTW). Lets outsource this
to a service that does the security and day to day updates for us.

C.

On 11/10/15, 12:35 PM, "Justin Hornosty" <jjrh70 at gmail.com<javascript:_e(%7B%7D,'cvml','jjrh70 at gmail.com');>> wrote:

>
>Chris de Groot writes:
>
>> My recommendation is we must figure out a way to secure the
>> passwords. It's cool and stuff to run the service, but it is too much
>> of a danger as it stands today, we must assume it will get stolen and
>> that not everyone will read the notes on how to select a password for
>> the mail list. I think it would be valid to consider a hosted
>> community service that takes away all these responsibilities from the
>> folk who provide enough time to keep it running, but maybe not enough
>> time to keep it safe. Google groups maybe an option.
>
>Someone else had said that the fix is easy - you update the mailman.
>
>http://wiki.list.org/DOC/How%20do%20I%20turn%20off%20passwords%20completel
>y%3F
>
>I personally use: http://www.passwordstore.org/ and pwgen
>http://linux.die.net/man/1/pwgen (I think pass has this built in
>actually) to manage passwords for various websites.
>
>There are other ones out there, but 'pass' has the advantage of running
>in the command line and uses standard GPG encryption.
>
>-jjrh

_______________________________________________
Lab mailing list
1. subscribe http://artengine.ca/mailman/listinfo/lab
2. then email Lab at artengine.ca<javascript:_e(%7B%7D,'cvml','Lab at artengine.ca');> to send your message to the list

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://artengine.ca/pipermail/lab/attachments/20151110/cf5d9b56/attachment.html>


More information about the Lab mailing list