[Tfug] Why would *anyone* leave a door open?

John Gruenenfelder johng at as.arizona.edu
Fri Aug 28 12:09:52 MST 2009


On Fri, Aug 28, 2009 at 11:34:11AM -0700, Bexley Hall wrote:
>I have probably a dozen machines that I use on a regular basis.
>That doesn't count other online accounts, etc.  (note that I
>have *no* online banking, credit card, utility, etc. accounts
>which would only add to the number of "secrets")  I don't have
>duplicate passwords.  All of them contain nonalphanumeric
>characters, etc.  And none are "written down".  Great!  *But*,
>relying on brute force memory means I simply can't afford to
>change them often!  So, regardless of how many of the "right"
>things I do, I can't do *all* of them (without resorting to
>pen and paper, etc.)

I'm not nearly as secure or methodical about my passwords as that... though I
suppose I should try a little harder.

Still, I tend to have lots of Net accounts spread all over the place for
various functions.  Even when using duplicate passwords (sometimes), one of my
biggest problems is remembering just what the hell my user name is on
system/site X.  The bigger the Net, the larger the number of sites and users,
the bigger the problem of getting something unique that *you* want (because
you'll be more likely to remember it).

So, I've finally resorted to storing all this critical information in a text
file on my file server.

But... I keep my home directory on an encrypted filesystem with a lengthy and
unique passphrase.  That means that every time the machine boots it is
unaccessible until I log in, become root, and run my mount script which does
all the setup and unlocks/mounts the thing.

I find this to be a useful setup.  I can keep all my important data on the
encrypted filesystem and be relatively sure about its safety.  Having only my
home directory encrypted also means that the machine can boot on its own
(unlike my laptop which is fully encrypted and needs the passphrase just to
boot).  Useful for when I need to remotely reboot it.

Of course, I typically keep the thing unlocked and mounted the whole time the
machine is on, so if somebody was able to break in via the Net they could get
it.  But it's plenty sufficient for somebody with physical access.


-- 
--John Gruenenfelder    Systems Manager, MKS Imaging Technology, LLC.
Try Weasel Reader for PalmOS  --  http://weaselreader.org
"This is the most fun I've had without being drenched in the blood
of my enemies!"
        --Sam of Sam & Max



