Email Security

ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > Living Room

Email Security

<< < (3/3)

housetier:
I do not trust firefox to keep my sensitive information secure so I told to never store passwords or even form data. (I also disabled history for the address bar.)

Instead I use a command line tool that can put username and password into my clipboard. So I go to a website wher eI have to login; if I don't know the password I turn to my password safe and have put the pass into the clipboard. It watches the clipboard as well, so as soon as I have pasted the passwod into the form (or somewhere else) it erases the memory.

This is a complicated process, but it is the only one I find security acceptable. The password safe itself is strongly encrypted, even when it is loaded into memory. Only for a short time is the password in cleartext, and there is no way to avoid that.

When I am certain that no one else can use a program I also let the program store credentials, but only if I am certain is uses good encryption for this data.

Security is a process, so at any given time I might find it necessary to use a different password safe or never have any program store credentials. Security is also a lot about the user's mindset: you should be careful and aware, but never paranoid.

There is no 100% security, there is only the amount of time, effort, and money it takes to get to your data. Hence you cannot buy "Security" like a remedy for headaches. Personally I believe just by being more aware you can greatly decrease the risk to losing control over your data.

Oh yeah, like it was mentioned in the OP, I never never never use the same password twice. Not even for the smallest most unimportant throw-away account. There might be good reasons to reuse passwords, but they are most likely bad reasons. And doing something (or not doing something) for a bad reason is not being careful.

OK back to topic: If an email service does not provide TLS I do not use it.

f0dder:
OK back to topic: If an email service does not provide TLS I do not use it.-housetier (November 11, 2010, 12:24 PM)
--- End quote ---
Sounds a bit pointless, since transport between SMTP servers isn't TLS'ed.

(But OK, if you're un an unprotected wifi, at least other people in the coffee shop can't snoop on the mails you're reading).

Navigation

[0] Message Index

[*] Previous page

Go to full version