[Users] [Bulk] Re: Command line password update?

Kevin Chadwick ma1l1ists at yahoo.co.uk
Sat Sep 22 17:31:38 CEST 2012


> > > If the stolen PC was being used by the thief, then he/she must have
> > > either known or been able to crack the password to access the
> > > machine. I do hope that your friend was not so stupid (naive) as to
> > > not have had a bonafide password in place.
> > >   
> > I assume your drive is encrypted but putting all your passwords in one
> > basket means a compromise is a bigger headache but you can go to
> > greater length to prevent that.
> >   
> > > The only PC that I have that could conceivable be easily stolen
> > > would be my laptop. It is running Windows7 and requires facial
> > > recognition to access the PC. Perhaps your friend might want to
> > > consider adding some additional security to his replacement PC ASAP.  
> > 
> > Hee hee, Facial recognition, the security that 6 year olds
> > have broken.
> > 
> > To the OP, the key for the passwords and the code is in the source
> > code. I guess a replace all passwords tool or function would be
> > handy. I have additional security measures but still use passwords in
> > the client.  
> 
> Interesting Kevin; do you have any verifiable statistics to back up
> your claim? I don't know of any six year old that could accomplish
> that feat. I have had between 30 and 40 people, with my permission of
> course, attempt to gain access to my laptop. They all failed. Hell,
> twice it even gave me a hard time logging in. Perhaps the units your
> six year old hacked into had the threshold for recognition set
> ridiculously low.

Were you drunk the night before ;-)

It will obviously depend on the implementation and settings but
personally I wouldn't trust it just like fingerprints which you leave
everywhere, though for low level security the convenience is appealing
and makes it useful especially if you wouldn't use a pass code
otherwise or set a long timeout. You want evidence of it being attacked
and still secure, not evidence that it's insecure for security
mechanisms.

The news story I saw was of a 6 year old son using a picture of his dad
to unlock his phone to play a game. If you test I'd try one without
glass. Easy to fix this for the software devs but hardly the end of
the game.

-- 
_______________________________________________________________________

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
_______________________________________________________________________



More information about the Users mailing list