[Users] [Bulk] Re: Command line password update?

Kevin Chadwick ma1l1ists at yahoo.co.uk
Sat Sep 22 17:31:38 CEST 2012

> > > If the stolen PC was being used by the thief, then he/she must have
> > > either known or been able to crack the password to access the
> > > machine. I do hope that your friend was not so stupid (naive) as to
> > > not have had a bonafide password in place.
> > >   
> > I assume your drive is encrypted but putting all your passwords in one
> > basket means a compromise is a bigger headache but you can go to
> > greater length to prevent that.
> >   
> > > The only PC that I have that could conceivable be easily stolen
> > > would be my laptop. It is running Windows7 and requires facial
> > > recognition to access the PC. Perhaps your friend might want to
> > > consider adding some additional security to his replacement PC ASAP.  
> > 
> > Hee hee, Facial recognition, the security that 6 year olds
> > have broken.
> > 
> > To the OP, the key for the passwords and the code is in the source
> > code. I guess a replace all passwords tool or function would be
> > handy. I have additional security measures but still use passwords in
> > the client.  
> Interesting Kevin; do you have any verifiable statistics to back up
> your claim? I don't know of any six year old that could accomplish
> that feat. I have had between 30 and 40 people, with my permission of
> course, attempt to gain access to my laptop. They all failed. Hell,
> twice it even gave me a hard time logging in. Perhaps the units your
> six year old hacked into had the threshold for recognition set
> ridiculously low.

Were you drunk the night before ;-)

It will obviously depend on the implementation and settings but
personally I wouldn't trust it just like fingerprints which you leave
everywhere, though for low level security the convenience is appealing
and makes it useful especially if you wouldn't use a pass code
otherwise or set a long timeout. You want evidence of it being attacked
and still secure, not evidence that it's insecure for security

The news story I saw was of a 6 year old son using a picture of his dad
to unlock his phone to play a game. If you test I'd try one without
glass. Easy to fix this for the software devs but hardly the end of
the game.


'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)

More information about the Users mailing list