[brlug-general] Email passwords are.. special?

Dustin Puryear dustin at puryear-it.com
Thu Feb 15 15:34:20 CST 2007 

Let's keep in mind that I never said that having multiple passwords
*was* the solution. I'm just looking for ideas. So, keep them coming.
;-)

---
Puryear Information Technology, LLC
Baton Rouge, LA * 225-706-8414
http://www.puryear-it.com

Author:
  "Best Practices for Managing Linux and UNIX Servers"
  "Spam Fighting and Email Security in the 21st Century"

Download your free copies:
  http://www.puryear-it.com/publications.htm


Thursday, February 15, 2007, 3:30:55 PM, you wrote:

>    
>  Tim Fournet wrote: 
>   
> I've checked with four different email applications on the Palm Treo, as
> well as some available on the Blackberry, and none of them show the 
> password as cleartext on the config screens. Sure, someone could 
> conceivably hook up the device to a reader, perform a hex dump of the 
> contents of the memory, and the passwords are probably visibly in there;
> but my point is that by the time this can be done, a user can change his
> password ---- as long as he knows how and when to change it! Giving him
> a password that is "just for email" doesn't necessarily make his "real"
> password more secure, because he can store that on the PDA just as well
>  
>  None of these mitigation activities get around the fact that 
>  1) some users are stupid
>  and
>  2) some vendors are stupid and have buggy/easily broken applications.
>  
>  I don't necessarily see having multiple passwords as doing much to help the situation.
>  
>  The DoD is starting to require two factor authentication. Users
> must log in with smart cards and use a password. So you have to have
> the card and the password.  Even their webmail and VPNs are accessed that way.  
>  
>   
> Shannon Roddy wrote: 
>   
>   
> On 2/15/07, Tim Fournet <tfournet at tfour.net> wrote: 
>   
>   
>  I doubt many devices actually store the passwords in an
> easy-to-access cleartext sort of way. 
>   
>   
> Umm... wrong answer.  ;-)   You'd be surprised.

> _______________________________________________
> General mailing
> listGeneral at brlug.nethttp://mail.brlug.net/mailman/listinfo/general_brlug.net
>   
>   
> _______________________________________________
> General mailing
> listGeneral at brlug.nethttp://mail.brlug.net/mailman/listinfo/general_brlug.net
>  
>  
>  
>

More information about the General mailing list