The cryptic passwords and paranoid security discussion thread



some_random_noob
May 14th, 2008, 02:43 AM
I just love having access to my email and bank account, knowing that it is almost unhackable. I installed 8.04 recently, and immediately updated all my passwords and installed Firestarter (I now WHITELIST traffic). I also avoid random browsing.

I make sure all my passwords have letters, numbers and at least one capital. They are all over 8 characters long. My mail provider ranks it as "strong". An old one of mine was this: z90Q473zx

I have these passwords written down, but it is done on a sheet which has old passwords and heaps of other useless trash. If someone wanted to find my current passwords then they'd have to spend hours. And if someone did find it, I'd probably know who it was :lolflag:

My screen also locks itself after 10 mins of inactivity.

Anyone else here have the same attitude, or are you all <snip> who don't care about security?

-grubby
May 14th, 2008, 02:50 AM
I would suggest that you put in special characters, i.e. !, @, #, $, %, etc.

some_random_noob
May 14th, 2008, 02:56 AM
I would suggest that you put in special characters, i.e. !, @, #, $, %, etc.

Good point. I guess most apps support that these days. Even so, I'm pretty sure it would still take days to crack my current ones - especially at the rate in which I change them.

LaRoza
May 14th, 2008, 03:11 AM
Good point. I guess most apps support that these days. Even so, I'm pretty sure it would still take days to crack my current ones - especially at the rate in which I change them.

Your account is easy to hack into. See, I just did it. I left no trace and changed nothing. In and out like a ghost.

jrusso2
May 14th, 2008, 03:17 AM
I refuse to even use online banking anymore. It's not safe.

Dr Small
May 14th, 2008, 03:22 AM
I use GPG to encrypt all of my passwords in a file. It is safer than storing them on a sheet of paper or unencrypted file.

By the way, if you want to see if your passwords could ever be cracked, give them to John the Ripper and let him have his hand at them :)
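
As an added illustration of what "give them to John the Ripper" means in practice (this is example code written for this page, not anything from the thread or from the JtR project): an offline attacker who has stolen a table of salted hashes does not brute-force character by character, he runs a wordlist through mangling rules (capitalise, leet-speak, append digits or punctuation) and hashes every candidate. The accounts, wordlist, rules and the salted-SHA-256 storage format below are all constructed for the demo; "z90Q473zx" is the old password quoted at the top of the thread.

```python
import hashlib
import os

# Constructed example accounts: the cleartexts exist only to demonstrate the attack.
# "z90Q473zx" is the old password the thread's first post quotes.
SAMPLE_PASSWORDS = {"alice": "Password1!", "bob": "Ubuntu2008", "carol": "z90Q473zx"}

# Constructed miniature wordlist; a real run uses millions of entries.
WORDLIST = ["password", "ubuntu", "letmein", "dragon", "monkey", "sunshine", "qwerty"]

# Mangling rules: leet substitutions and common suffixes (a tiny subset of what JtR's rules do).
LEET = str.maketrans({"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"})
SUFFIXES = ("", "1", "12", "123", "!", "1!", "2007", "2008")


def hash_password(password, salt):
    """Salted SHA-256, standing in for whatever the target stores (not a recommendation)."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def build_db(cleartexts):
    """What the attacker steals: a per-user random salt plus the hash."""
    db = {}
    for user, pw in cleartexts.items():
        salt = os.urandom(16)
        db[user] = (salt, hash_password(pw, salt))
    return db


def mangle(word):
    """Yield rule-based variants of one wordlist entry, without duplicates."""
    bases = [word, word.capitalize(), word.upper(),
             word.translate(LEET), word.capitalize().translate(LEET)]
    seen = set()
    for base in bases:
        for suffix in SUFFIXES:
            cand = base + suffix
            if cand not in seen:
                seen.add(cand)
                yield cand


def crack(salt, target):
    """Return (cleartext, guesses) on a hit, or (None, guesses) once wordlist+rules are exhausted."""
    guesses = 0
    for word in WORDLIST:
        for cand in mangle(word):
            guesses += 1
            if hash_password(cand, salt) == target:
                return cand, guesses
    return None, guesses


def crack_all(db):
    """Run the attack against every stolen (salt, hash) pair."""
    return {user: crack(salt, h) for user, (salt, h) in db.items()}


if __name__ == "__main__":
    for user, (found, guesses) in crack_all(build_db(SAMPLE_PASSWORDS)).items():
        print(f"{user}: {found!r} after {guesses} guesses")
```

Both "Password1!" and "Ubuntu2008" fall in a few dozen guesses even though they contain a capital, digits and (in one case) a special character, because they are a dictionary word plus a rule; the random-looking "z90Q473zx" survives this pass and forces the attacker back to exhaustive search, which is the case the crack-time calculators in the thread estimate.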

Kingsley
May 14th, 2008, 03:23 AM
Strong passwords don't mean much if your security question is easy to guess. You should stretch your paranoia into those too.

ice60
May 14th, 2008, 03:33 AM
I generally use something close to 64 ASCII characters when it's important.

There's a cool program you can use to generate passwords called APG (Automated Password Generator).

Here are some online versions of APG:
http://www.adel.nursat.kz/apg/online/index.php
and this is the home page:
http://www.adel.nursat.kz/apg/

I've never actually done any online banking though; I don't trust my bank to be secure online.

EDIT: you can use a secure thumb drive if you need to carry around long passwords. You can use IronKey.

I haven't listened to this podcast, I probably will, but I think they're talking about a secure thumb drive:
http://www.grc.com/sn/SN-143.htm

Here's a podcast about IronKey:
http://www.grc.com/sn/SN-135.htm

https://www.ironkey.com/
http://www.yubico.com

-grubby
May 14th, 2008, 04:04 AM
Even so, I'm pretty sure it would still take days to crack my current ones

You can test how long it takes to crack passwords with certain traits (i.e. capital letters, numbers, etc.) at the Online Password Calculator: http://lastbit.com/pswcalc.asp
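
The two things the last few posts reach for, an APG-style generator and an online crack-time calculator, fit in one short script, added here as an example that is not part of the thread or of APG. It generates passwords from the OS CSPRNG with at least one character of each requested class, and estimates exhaustive-search time for a given password under three attacker models. The guess rates are hypothetical round numbers for illustration, not measured figures, and the special-character set is an assumption; "z90Q473zx" is the old password from the first post.

```python
import math
import secrets
import string

# Character classes the thread talks about (letters, numbers, capitals, specials).
# The special-character set is an assumption; sites differ in what they accept.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "special": "!@#$%^&*()-_=+[]{};:,.<>?/",
}

# Assumed guess rates (hypothetical round numbers, not measured figures), in guesses/second.
RATES = {
    "online, rate-limited login": 10.0,       # hammering a live web login
    "offline, slow KDF (bcrypt-like)": 1e5,   # salted, iterated hash on a GPU
    "offline, fast unsalted hash": 1e10,      # MD5/SHA-1 style hash on a GPU rig
}


def generate(length=16, classes=("lower", "upper", "digits", "special")):
    """APG-style random password from the OS CSPRNG, with at least one char of every class."""
    alphabet = "".join(CLASSES[c] for c in classes)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in CLASSES[c] for ch in pw) for c in classes):
            return pw


def keyspace(password):
    """Candidates an attacker who knows which classes are present must try (alphabet ** length)."""
    alphabet = sum(len(s) for s in CLASSES.values() if any(ch in s for ch in password))
    return alphabet ** len(password)


def keyspace_bits(password):
    """Same figure expressed as bits of entropy ceiling."""
    return math.log2(keyspace(password))


def crack_seconds(password, guesses_per_second):
    """Expected time to hit the password by exhaustive search (half the keyspace on average)."""
    return keyspace(password) / 2 / guesses_per_second


def report(password):
    """Return (bits, {attacker model: expected days}) for one password."""
    days = {name: crack_seconds(password, rate) / 86400 for name, rate in RATES.items()}
    return keyspace_bits(password), days


if __name__ == "__main__":
    # "z90Q473zx" is the old password quoted in the thread; the next two are constructed variants.
    samples = ["z90Q473zx", "z90Q473zx!", "z90Q473zxab",
               generate(16), generate(24, ("lower", "upper", "digits"))]
    for pw in samples:
        bits, days = report(pw)
        print(f"{pw:28s} {bits:6.1f} bits")
        for name, d in days.items():
            print(f"    {name:34s} {d:12.3g} days")
```

Two things the table makes visible that the posts only gesture at: the nine-character example sits at about 53.6 bits, which against a fast unsalted hash is roughly eight days of exhaustive search (the "days" estimate above is about right for that attacker and hopelessly pessimistic for a rate-limited online login); and appending two more plain letters adds more bits than appending one special character, so length is the cheaper lever. A random `generate(24)` string also makes a fine answer to a "grandfather's occupation" security question, stored wherever the other passwords are.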

cardinals_fan
May 14th, 2008, 04:49 AM
I don't do it (young memory :) ), but writing down passwords isn't that bad. If someone has physical access to your computer, you're screwed anyway.

some_random_noob
May 14th, 2008, 09:53 AM
What's with the talk about online banking not being safe?? I'm guessing it's something to do with sniffing stuff on the wire?


Strong passwords don't mean much if your security question is easy to guess. You should stretch your paranoia into those too.

Already have! I just set it to "grandfathers occupation" and then scrambled it. Even I don't know what it is! How secure is that? :D If I lose my PW, I'll just send a new one to my primary email address.

SupaSonic
May 14th, 2008, 09:59 AM
Try TrueCrypt. It's the ultimate paranoid program. It ranks any passwords below 20 characters as weak. So I have a TrueCrypt drive which is encrypted with 3 different encoding algorithms, one after the other, and it's protected by a 23-character password. TrueCrypt is awesome, I'm not worried for my data at all :) Even if someone had physical access, it's probably impossible to crack.

qazwsx
May 14th, 2008, 10:05 AM
Hmmm my root password is closer to 30 characters.

SupaSonic
May 14th, 2008, 10:09 AM
IMO there's no point in having such a complex root password, since you can read anything from a LiveCD or even a Windows partition anyway.

And typing it each time you sudo something must be a pain.

qazwsx
May 14th, 2008, 10:19 AM
IMO there's no point in having such a complex root password, since you can read anything from a LiveCD or even a Windows partition anyway.

And typing it each time you sudo something must be a pain.

Well, my machine runs an ssh server. Root login is disabled, but it is still possible to log in as root.

sloggerkhan
May 14th, 2008, 10:24 AM
Hmm. Does TrueCrypt have any impact on access/read/write times? (I guess it must, so what I must really mean is how much impact.)

PartisanEntity
May 14th, 2008, 10:30 AM
I too find security important, but at the same time I remind myself from time to time, that those who are serious about hacking into a system or network usually have a good reason to do so.

In other words, often data is stolen in order to be sold. In order to sell this data, it needs to be valuable.

Ask yourself how valuable is the data that you have on your computer to others? Is it valuable enough for someone to spend time and effort to steal it?

If you are an average user who checks emails, does some work and uses their computer for leisure, then there is a high probability that much of your DOD DEFCON LEVEL 50 security habits are exaggerated at best.

Who is at a raised threat to have their system hacked? IMO politicians, people in positions of power, rich people, celebrities, bankers, researchers, lawyers, etc.

So it is definitely good to be worried about your privacy and the security of your files, but don't over do it because it might turn out that we are not as important as we think we are :)

Having a PGP encrypted partition or folder for data we deem sensitive is good, having sound password habits is good too, using firewalls and engaging in sensible surfing habits are all good.

Anything beyond that, and anything that begins to require more and more of your time to manage becomes counter productive, unless you know that your data is valuable to others, so much that many people would be willing to compromise your security to obtain it.

I did go through such a phase in my teens, when I became aware of the security issues, but I soon realised that my exaggerated security measures did not reflect the data I had on my computer; emails from friends and relatives, school stuff, work related files and leisure/entertainment files.

So unless you work for multinational corporations and are routinely given prototype technology to audit, or unless you have millions in the bank, or are a lawyer representing one corporation against another in a multibillion dollar legal battle, I don’t think many people know you/we exist even.

SupaSonic
May 14th, 2008, 11:06 AM
Hmm. Does TrueCrypt have any impact on access/read/write times? (I guess it must, so what I must really mean is how much impact.)

Sure it does: writing/encrypting is slow, but reading is pretty fast; actually I didn't notice any difference. Then again, you probably shouldn't put anything you use too often on an encrypted drive.

hyper_ch
May 14th, 2008, 11:54 AM
There was a little test a while back on the impact of full disk encryption with LUKS/dm-crypt... it was pretty basic, but the impact on speed didn't seem to be that big: http://www.phoronix.com/scan.php?page=article&item=ubuntu_hdd_encrypt&num=1