[LINK] Guidance re Passwords

Ben McGinnes ben at adversary.org
Wed Jul 27 19:20:01 AEST 2011


On 27/07/11 6:55 PM, Roger Clarke wrote:
> 
> What approach do you take to the 'all the eggs in one basket'
> problem created by the use of a single (local) master-passphrase?

I have the same issue with my GPG key(s), so mainly it's just
maintaining the integrity of local systems.  The closest thing I have
to a mainstream computer is the MacBookPro I'm sending this from,
everything else runs Linux (with rigorous firewalling and access
controls).

> A passphrase is less subject to visual-observation capture than a
> short password, but length is no protection against a
> keystroke-logger.

True, but to install a keystroke logger would require either a full
system compromise or physical access.  If either of those occurs then
I'll probably have bigger problems.  ;)

> And how do you manage multi-devices (portable, handheld,
> home/work/client's premises, public-place device-of-convenience,
> etc.)?

When I'm working remotely I normally use the laptop connected via the
mobile or WiFi.  If I haven't taken it with me it's because I don't
want to be that connected at that time.  Besides, I hate touch
screens, so I'm less likely to go the tablet/iPad route.  I do realise
that I'm becoming more and more an exception there.

I may revisit some of these other portable devices when they include
greater support for OpenPGP/GPG, which I consider essential these
days.  I don't think any of them are there yet, certainly
iPhones/iPads aren't and Android usage seems a bit temperamental on
some of the other lists I'm on.


Regards,
Ben
