

Passwords Aren't As Secure As We Think - How to Fix That - kosofalla
http://lifehacker.com/5445101/your-passwords-arent-as-secure-as-you-think-heres-how-to-fix-that

======
sjs
"Having our passwords in plaintext is more secure than obfuscating them
precisely because, when a user is not misled by a false sense of security, he
is likely to use the software in a more secure manner."

I'm sorry but this is bullshit. The reason for the (admittedly weak)
obfuscation is to keep out the casual snooper, e.g. your little brother or
sister who shares the family computer. It's not meant to keep out a skilled
cracker, nor to protect those savvy enough to think about these issues.

Why do we geeks tend to only think about things from our perspective? I think
we should coin a phrase for it. Maybe the myth of the "sufficiently smart
user".

~~~
tedunangst
It's a tradeoff. "dumb user and smart attacker" vs "smart user and dumb
attacker". Most users' assessment of security is "Could I break it?" which
isn't a very good standard in terms of protecting against even a slightly
savvy sibling who can download one of the programs mentioned.

~~~
sjs
You've missed an entire class of users. Believe it or not there are people who
know _nothing_. Literally. They don't understand that when they save their
password it's stored on their disk. They don't understand what a disk is, and
they don't understand what a file is. They don't have the luxury of even
thinking "could I break it", they are completely oblivious to the risks or how
any part of the system works. A computer is like a television to these people.
A black-box appliance.

I was baffled, but there are people out there - not senior citizens but 20-year-
olds - that really don't understand or care to understand any of that stuff.
It's a magic box to them. They have no idea chat histories are stored on disk
even though they see them in MSN. The fact that they have logged in makes them
think no one else can see them. Likewise the fact that their saved password is
stored is over their head unless someone explains it to them. Not everyone has
someone to tell them these things.

------
eli
I would hope most people here would realize that if you click "save password"
then your password is, well, saved...

Oh also, someone with physical access could just as well install a keylogger.
It's a pretty difficult threat to guard against.

------
Groxx
Yay for OSX, with nearly every app using your keychain (TDES encryption).
Centrally integrated, secure password storage should be standard in OSes by
now, as trusting every app (or website, without something like OpenID) to
store your password securely is ludicrous. That's like expecting every
programmer to be a security expert, and to make bug-free software (hint:
HAHAHAHAH).

"Having our passwords in plaintext is more secure than obfuscating them
precisely because, when a user is not misled by a false sense of security, he
is likely to use the software in a more secure manner."...

...is completely laughable. I'd be willing to bet that the VAST majority of
Pidgin users have no idea that their passwords aren't stored securely. To make
matters worse, I don't recall Pidgin ever warning me that its storage was
insecure, so they're not even _trying_ to educate their users.

And TrueCrypt is an awesome concept + tool. Gotta love the ability to have an
entire hard drive look like it's just random data. You can't get much better
security than that, as you can deny there's anything there, and "they" don't
even know where to begin.

------
j_lagof
I still prefer schemes without any kind of software for my passwords...
Something like that:

[http://blog.sucuri.net/2009/10/password-security-without-password.html](http://blog.sucuri.net/2009/10/password-security-without-password.html)

A javascript app for that would be good, btw :)

~~~
snprbob86

      echo "qwerty http://www.facebook.com" | md5
    

That will appear in plain text in your terminal history file. And, if you are
on a multi-user machine, even non-privileged users will be able to see your
command line.

You should never put any password or private key on a command line (any
command line, not just in your terminal). Instead, use the unix-standard
getpass function or its equivalent in your language/library of choice.

~~~
j_lagof
I agree. What I said is that I do something similar to it, not exactly the
same. I have a little shell script that I run:

./pass-site.sh <http://facebook.com>

    #!/bin/sh

    SITE=$1
    # read the passphrase with terminal echo turned off
    stty -echo
    read UPASS
    stty echo
    # site and passphrase are handed to sha1 as one command-line argument
    PASS=`sha1 "$SITE $UPASS"`
    echo "PASS: $PASS"

~~~
snprbob86
I think that is equally insecure. Won't the backticks run that command line
with $UPASS exposed as plain text in the process metadata?
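
The scheme from the script above, rewritten so the passphrase never becomes a command-line argument (it reaches the hash tool over a pipe instead). This is an added example, not j_lagof's script; it assumes a POSIX sh with sha1sum (GNU) or shasum (BSD/macOS) available:

```shell
#!/bin/sh
# Added example, not j_lagof's script: the same "hash of site + passphrase"
# scheme, rewritten so the passphrase never appears in any process's argv.

# sha1_hex: hex SHA-1 of stdin. sha1sum (GNU) or shasum (BSD/macOS) is assumed.
sha1_hex() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum | cut -d' ' -f1
    else
        shasum -a 1 | cut -d' ' -f1
    fi
}

# derive_pass SITE PASSPHRASE: hashes "SITE PASSPHRASE" like the original,
# but the secret reaches the hash tool through a pipe (stdin), not argv.
# printf is a shell builtin in sh/bash/dash, so no process is spawned whose
# command line (ps, /proc/<pid>/cmdline) would contain the passphrase.
derive_pass() {
    printf '%s %s' "$1" "$2" | sha1_hex
}

# Interactive entry point: the site comes from argv (it is not secret); the
# passphrase is read with terminal echo off, so it is neither displayed nor
# kept in shell history. Usage: ./pass-site.sh http://facebook.com
main() {
    site=$1
    [ -n "$site" ] || { echo "usage: $0 SITE" >&2; exit 2; }
    trap 'stty echo' INT TERM EXIT   # restore echo even if interrupted
    printf 'Passphrase: ' >&2
    stty -echo
    read -r upass
    stty echo
    echo >&2
    derive_pass "$site" "$upass"
    unset upass
}

# Only prompt when a site argument is given (lets the functions be sourced).
if [ $# -gt 0 ]; then
    main "$@"
fi
```

The hash algorithm is unchanged from the original script; only the way the secret is passed differs.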

------
pvg
"anyone with physical access to your PC" if that's the criterion, none of the
proposed remedies really help. Someone with physical access to your machine or
the ability to run privileged code will very likely get your passwords despite
the quality of your Firefox master password.

~~~
derefr
And this is a solved problem: if you don't want people analyzing your
preference files and/or caches, put at least one layer of encryption between
the two. All modern OSes support encrypting your home directory, and most of
them also support encrypting your hard drive in its entirety. In either case,
physical access becomes pretty useless.

~~~
pvg
None of this helps against physical access to your machine, at all.

~~~
derefr
I think we're talking about different definitions of "physical access"--you're
probably meaning "being able to type on the keyboard and have the computer
respond," while I just mean "being able to grab the HD and run." Encryption
protects you from physical espionage as long as the computer is off, and they
have to turn it on (and encounter the passphrase dialog.) Encryption doesn't
protect you when it has already been unlocked, of course.

~~~
idlewords
Yes, you're talking about a definition of 'physical access' you just made up
in order to salvage your argument, while everyone else (including the original
article) is using the commonly understood one of... well, having physical
access to the computer.

