[Lab] Plain text password

Darcy Whyte darcy at inventorartist.com
Fri Nov 13 10:46:19 EST 2015


Another idea might be to just change passwords (and not share passwords
between services).

The list is a constructive thing for the community. If you don't put your
bank password in it things should work out...



--
Darcy Whyte

Art+ inventorArtist.com <http://inventorartist.com/> | Aviation
rubber-power.com
Contact: darcy at inventorArtist.com | 613-563-3634 by appointment (no text)


On Fri, Nov 13, 2015 at 10:32 AM, Jaime Yu <jaime at jaimeyu.com> wrote:

> After the last email from Ryan, I've decided to unsubscribe.
>
> Thanks.
>
> On Tue, Nov 10, 2015, 18:02 Chris de Groot <cdegroot at adobe.com> wrote:
>
>> -1 and -1 on those statements. We should do better, but I understand(kind
>> of) if the larger group decides otherwise. Larger services (google etc) do
>> put more effort into security and we hear about them more because they are
>> required to notify the world when data loss occurs, but when they do loose
>> password databases now they are multi salted hashes which are even useless
>> to statistical analysis to understand population password trends. That and
>> they do multi identification, like locking to known user devices and sms
>> second channel authentication.
>>
>> I dislike the first statement and disagree with the second.
>>
>> C.
>>
>> From: Tom Burns <tom.i.burns at gmail.com>
>> Date: Tuesday, November 10, 2015 at 6:40 PM
>> To: Darcy Whyte <darcy at inventorartist.com>
>> Cc: Chris de Groot <cdegroot at adobe.com>, lab <lab at artengine.ca>,
>> Jean-Marc LeBlanc <jeanmarc.leblanc at gmail.com>
>>
>> Subject: Re: [Lab] Plain text password
>>
>> Yea, don't change anything please .  Hosted services get cracked all the
>> time and are bigger targets to begin with.
>>
>>
>> On Tuesday, 10 November 2015, Darcy Whyte <darcy at inventorartist.com>
>> wrote:
>>
>>> Yeah, the makerfaire was great...
>>>
>>> The list is working great too .:)
>>>
>>> Is secure enough just don't put your bank password or other important
>>> password in it..
>>>
>>>
>>>
>>> --
>>> Darcy Whyte
>>>
>>> Art+ inventorArtist.com <http://inventorartist.com/> | Aviation
>>> rubber-power.com
>>> Contact: darcy at inventorArtist.com | 613-563-3634 by appointment (no
>>> text)
>>>
>>>
>>> On Tue, Nov 10, 2015 at 1:00 PM, Chris de Groot <cdegroot at adobe.com>
>>> wrote:
>>>
>>>> Good personal password management is good and important. I think we need
>>>> to stop managing our own mail lists. We are makers and should focus on
>>>> making fun stuff (great faire over the weekend BTW). Lets outsource this
>>>> to a service that does the security and day to day updates for us.
>>>>
>>>> C.
>>>>
>>>> On 11/10/15, 12:35 PM, "Justin Hornosty" <jjrh70 at gmail.com> wrote:
>>>>
>>>> >
>>>> >Chris de Groot writes:
>>>> >
>>>> >> My recommendation is we must figure out a way to secure the
>>>> >> passwords. It's cool and stuff to run the service, but it is too much
>>>> >> of a danger as it stands today, we must assume it will get stolen and
>>>> >> that not everyone will read the notes on how to select a password for
>>>> >> the mail list. I think it would be valid to consider a hosted
>>>> >> community service that takes away all these responsibilities from the
>>>> >> folk who provide enough time to keep it running, but maybe not enough
>>>> >> time to keep it safe. Google groups maybe an option.
>>>> >
>>>> >Someone else had said that the fix is easy - you update the mailman.
>>>> >
>>>> >
>>>> http://wiki.list.org/DOC/How%20do%20I%20turn%20off%20passwords%20completel
>>>> >y%3F
>>>> >
>>>> >I personally use: http://www.passwordstore.org/ and pwgen
>>>> >http://linux.die.net/man/1/pwgen (I think pass has this built in
>>>> >actually) to manage passwords for various websites.
>>>> >
>>>> >There are other ones out there, but 'pass' has the advantage of running
>>>> >in the command line and uses standard GPG encryption.
>>>> >
>>>> >-jjrh
>>>>
>>>> _______________________________________________
>>>> Lab mailing list
>>>> 1. subscribe http://artengine.ca/mailman/listinfo/lab
>>>> 2. then email Lab at artengine.ca to send your message to the list
>>>>
>>>
>>> _______________________________________________
>> Lab mailing list
>> 1. subscribe http://artengine.ca/mailman/listinfo/lab
>> 2. then email Lab at artengine.ca to send your message to the list
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://artengine.ca/pipermail/lab/attachments/20151113/ed154b2a/attachment.html>


More information about the Lab mailing list