Use a unique password for this site

db90h:
Yea, that's why I send my mail on post cards.

It's a simple security thing. Easier to secure everything than cherry-pick. That's all.

Surely certain portions will be broken as necessary, man-in-the-middle attacks from a legit CA, etc. The NSA will always have their ways.

But security isn't about 'criminals', it's about online safety and privacy, especially for those who live in countries where their political affiliation this year could cost them their life the next.

rgdot:
Credit card numbers and passwords need to be one time things that are set up, requested, delivered to you via secondary protected apps. Something like this exists via few banks/credit card issuers but needs to be expanded in a big comprehensive way. Sort of 2FA on steroids.

Stoic Joker:
But security isn't about 'criminals', it's about online safety and privacy, especially for those who live in countries where their political affiliation this year could cost them their life the next.
-db90h (March 07, 2015, 05:00 PM)
--- End quote ---

...And that's my point. If you can't keep the alphabet soup crowd out - and you can't - then the entire exercise becomes pointless.

Renegade:
Please allow me to emphasise this a bit more because @db90h has brought up some really, very important security issues:

Yea, rainbow tables are the term you are looking for ;).
-db90h (March 07, 2015, 11:37 AM)
--- End quote ---

For those not familiar, a rainbow table is a list of hash values for strings (passwords). So, if your password is hashed, the attacker just looks it up in a rainbow table in, oh, like, it's done now, so, next. It's a very powerful attack.

They are, again, hopefully, neutralized by appropriately salting the hashed password.
-db90h (March 07, 2015, 11:37 AM)
--- End quote ---

For those not familiar with a salt, salts are just strings that are added to passwords before they are hashed. The resulting hash value is different than the simple password hash. As such, rainbow tables are useless.

Now, if a single salt is used, a rainbow table can be created for that specific site/salt. And, if individual salts are used, the site itself needs to be compromised (with a database dump or something similar in effect).

tl;dr - If you don't already understand what a rainbow table is, do look into it because it's a critical point in password security.

@db90h - Good call in pointing those out. (And the other bits as well.)
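
As an added illustration (not part of any poster's message), this Python sketch shows the effect of salting described in the post above: a precomputed table resolves unsalted hashes, a single site-wide salt only forces one new table for that site, and per-user salts make identical passwords store differently. It uses a plain lookup table rather than a true chain-based rainbow table, and the account names, candidate list, site salt and the PBKDF2 step are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Constructed sample data: a small candidate list and three accounts.
CANDIDATES = ["123456", "password", "letmein", "qwerty"]
ACCOUNTS = {"alice": "letmein", "bob": "letmein", "carol": "kX9#vTq2!mZr"}

def fast_hash(password: str, salt: bytes = b"") -> str:
    """SHA-256 over salt || password (illustrates salting, not a storage scheme)."""
    return hashlib.sha256(salt + password.encode()).hexdigest()

def build_table(salt: bytes = b"") -> dict:
    """Precompute hash -> password once, valid for exactly one salt value."""
    return {fast_hash(p, salt): p for p in CANDIDATES}

def exposed(stored: dict, table: dict) -> dict:
    """Accounts in a dumped {user: hash} map that a table lookup resolves."""
    return {user: table[d] for user, d in stored.items() if d in table}

def store_fast(salt: bytes = b"") -> dict:
    """Weak storage: no salt, or one salt shared by the whole site."""
    return {user: fast_hash(p, salt) for user, p in ACCOUNTS.items()}

def kdf(password: str, salt: bytes) -> bytes:
    """Slow key derivation (PBKDF2 is an assumption of this example)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def store_per_user() -> dict:
    """Stronger storage: random 16-byte salt per account plus a slow KDF."""
    records = {}
    for user, password in ACCOUNTS.items():
        salt = os.urandom(16)
        records[user] = (salt, kdf(password, salt))
    return records

def verify(record: tuple, password: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record
    return hmac.compare_digest(kdf(password, salt), expected)

if __name__ == "__main__":
    site_salt = b"one-salt-for-everyone"  # constructed value
    print("unsalted, generic table: ", exposed(store_fast(), build_table()))
    print("site salt, generic table:", exposed(store_fast(site_salt), build_table()))
    print("site salt, site table:   ", exposed(store_fast(site_salt), build_table(site_salt)))
    records = store_per_user()
    print("per-user, same hash?     ", records["alice"][1] == records["bob"][1])
```
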

Renegade:
But security isn't about 'criminals', it's about online safety and privacy, especially for those who live in countries where their political affiliation this year could cost them their life the next.
-db90h (March 07, 2015, 05:00 PM)
--- End quote ---

...And that's my point. If you can't keep the alphabet soup crowd out - and you can't - then the entire exercise becomes pointless.
-Stoic Joker (March 07, 2015, 10:06 PM)
--- End quote ---

Not entirely pointless. Just pointless if they're interested in you or they make a mistake. :)


BTW - Does anyone have any worries about 2FA?
