OT: Don't be fooled

John and Jane each have accounts at forty different Websites. John uses the same password at all of them because it is too difficult to maintain multiple passwords in his head, while Jane uses a password manager to ensure she can use a different password for each site without having to remember any of them.

Both of them have memberships at example.com, and by some twist of fate they both end up using the same password, OJ01GzVWR5. In fact, they both use the exact same forty Websites. Along comes Pat, a malicious security cracker. Pat manages to bypass the incredibly deficient security at example.com and download the unencrypted database of usernames and passwords.

With this database in Pat’s grasp, the malicious security cracker makes a list of a hundred high-value Websites, mostly including financial institutions. Pat starts running the username and password pairs in the unauthorized copy of the authentication database.

Because Pat’s strategy involves entering each username and password combination only once, a direct attempt to access each of the hundred sites once per account name is all that is needed. This neatly avoids problems like the potential of being locked out of a highly secured site. In fact, it turns most sites — however well-designed — into a trivial exercise to access under someone else’s credentials, as long as some people use the same username and password everywhere.

The end result is that Jane’s bank account remains secure, while John’s gets cleaned out the next day, and it is all because he took the advice of some security “expert” whose credentials largely consist of a piece of sheepskin and a job at a big-name security vendor that does not actually produce anything innovative.

Sometimes, though, when advice sounds too good to be true, that is because it is not true. The perfect example is when someone tells you that you do not need unique passwords to be secure.
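
The point above about one attempt per account sidestepping lockouts, as an added example that is not part of the original post: a per-account failure counter never trips on this pattern, while counting distinct usernames per source does. The log entries, addresses, function names and thresholds are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample: one source tries 40 different usernames once each
# (the pattern from the story), while a normal user mistypes a password twice.
ATTEMPTS = [("203.0.113.7", f"user{i:02d}", i == 17) for i in range(40)]
ATTEMPTS += [("198.51.100.20", "jane", False),
             ("198.51.100.20", "jane", False),
             ("198.51.100.20", "jane", True)]


def locked_accounts(attempts, max_failures=5):
    """Classic per-account lockout: accounts with >= max_failures failed logins."""
    failures = Counter(user for _, user, ok in attempts if not ok)
    return {user for user, n in failures.items() if n >= max_failures}


def stuffing_sources(attempts, min_users=10, max_tries_per_user=2):
    """Flag sources that try many distinct usernames only a few times each."""
    per_source = defaultdict(Counter)
    for source, user, _ in attempts:
        per_source[source][user] += 1
    flagged = {}
    for source, users in per_source.items():
        # Many usernames, almost no retries: not a user mistyping a password.
        if len(users) >= min_users and max(users.values()) <= max_tries_per_user:
            flagged[source] = len(users)
    return flagged


if __name__ == "__main__":
    print("locked accounts:", locked_accounts(ATTEMPTS))
    print("suspect sources:", stuffing_sources(ATTEMPTS))
```

Grouping by source address alone is an assumption of this sketch; the same counting works on any attribute that ties the attempts together.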

That's why I keep my money safely under my mattress...

@ Claire lol :-)

On Tue, Nov 30, 2010 at 2:12 PM, Claire Njoki <clairenjoki@gmail.com> wrote:
> That's why I keep my money safely under my mattress...
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke

I also use the same username and password for registering into forums and discussion boards but use very 'secure passwords' for more 'important' sites

On Tue, Nov 30, 2010 at 2:16 PM, Ruth Were <nafuna@gmail.com> wrote:
> @ Claire lol :-)
-- Be the change you want to see in the world.

@Claire.. mattress? that's so last century. I dug a hole in the floor ;) Watchman is watching.

On Tue, Nov 30, 2010 at 2:22 PM, Tony Ndegwa <mzeeantoh@gmail.com> wrote:
> I also use the same username and password for registering into forums and discussion boards but use very 'secure passwords' for more 'important' sites
-- ...and I shall shed my light over dark evil. For the dark things cannot stand the light.

On Tue, Nov 30, 2010 at 4:29 PM, Watchman <skunkingrahim@gmail.com> wrote:
> @Claire.. mattress? that's so last century. I dug a hole in the floor ;)

How about a "secret" m-pesa account? That's for this century;-)

--
Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Damn!!

participants (6): Claire Njoki, imelda, Odhiambo Washington, Ruth Were, Tony Ndegwa, Watchman