[LINK] Guidance re Passwords
Roger Clarke
Roger.Clarke at xamax.com.au
Wed Jul 27 20:18:27 AEST 2011
G'day Ben
Off-list.
I can't use much of this in the present paper, given the target-audience.
But boy we don't half have some resources on this list.
Thanks!
At 19:20 +1000 27/7/11, Ben McGinnes wrote:
>
>On 27/07/11 6:55 PM, Roger Clarke wrote:
>>
>> What approach do you take to the 'all the eggs in one basket'
>> problem created by the use of a single (local) master-passphrase?
>
>I have the same issue with my GPG key(s), so mainly it's just
>maintaining the integrity of local systems. The closest thing I have
>to a mainstream computer is the MacBookPro I'm sending this from,
>everything else runs Linux (with rigorous firewalling and access
>controls).
>
>> A passphrase is less subject to visual-observation capture than a
>> short password, but length is no protection against a
>> keystroke-logger.
>
>True, but to install a keystroke logger would require either a full
>system compromise or physical access. If either of those occur then
>I'll probably have bigger problems. ;)
>
>> And how do you manage multi-devices (portable, handheld,
>> home/work/client's premises, public-place device-of-convenience,
>> etc.)?
>
>When I'm working remotely I normally use the laptop connected via the
>mobile or WiFi. If I haven't taken it with me it's because I don't
>want to be that connected at that time. Besides, I hate touch
>screens, so I'm less likely to go the tablet/iPad route. I do realise
>that I'm becoming more and more an exception there.
>
>I may revisit some of these other portable devices when they include
>greater support for OpenPGP/GPG, which I consider essential these
>days. I don't think any of them are there yet, certainly
>iPhones/iPads aren't and Android usage seems a bit temperamental on
>some of the other lists I'm on.
>
>
>Regards,
>Ben
>
>
>
--
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW
Visiting Professor in Computer Science Australian National University