March 24th 19, 05:43 AM posted to comp.mobile.android,misc.phone.mobile.iphone,comp.sys.mac.system,alt.comp.os.windows-10
arlen holder
More reasons to store NOTHING on the Internet: Facebook exposes hundreds of millions of user login/passwords IN CLEARTEXT since 2012!

On Sun, 24 Mar 2019 06:13:24 +0100 (GMT+01:00), Libor Striz wrote:

One thing is the personal password policy.


Hi Poutnik,

FACTS + LOGIC.

Do not reuse passwords and change them at least after any revealed pw break.


LOGIC:
A good personal password policy is to _generate_ unique passwds securely
o And then to save those generated passwords _locally_ in encrypted form:
https://groups.google.com/d/msg/misc.phone.mobile.iphone/5Z15v7xP8so/fG_nz45HGwAJ

The best general purpose freeware for this type of security seems to be
*Linux*:
o https://sourceforge.net/projects/kee...test/download?
*Windows*:
o https://keepass.info/download.html
*Mac*:
o https://sourceforge.net/projects/kee...atest/download
*Android*:
o https://play.google.com/store/apps/details?id=keepass2android.keepass2android
o https://play.google.com/store/apps/details?id=com.android.keepass
*iOS*:
o https://itunes.apple.com/us/app/keepass-touch/id966759076
o https://itunes.apple.com/us/app/minikeepass/id451661808

Note also that the responsible sites do not store passwords at all,
but password hashes, generated by a one-way process.


In addition, they should be _salted_ when stored, IMHO.

The other thing is the personal data policy.


LOGIC:
For a personal data policy, I suggest "encrypted containers", IMHO,
o Best freeware for portable encrypted file containers
https://groups.google.com/d/msg/comp.mobile.android/cas1QJ_j2uI/4Uut0HGrBgAJ

The best freeware seems to be Veracrypt, IMHO,
1. Windows === Veracrypt freeware with Truecrypt-style containers
2. Linux === Veracrypt freeware with Truecrypt-style containers
3. Android === EDS Lite freeware with Truecrypt-style containers
4. *iOS === there is no freeware available (but payware exists on iOS)

Much of the data stored on the internet is intentionally public without
need of any password. Much of the other data can use 2-step protection,
with its own encryption.


FACT:
*Two-factor authentication has huge _restrictions_ on Apple ecosystems.*

LOGIC:
o Brodsky versus Apple: Two-factor authentication is abusive to users
https://www.scribd.com/document/399265266/Brodsky-versus-Apple-alleging-that-two-factor-authentication-is-abusive-to-users
"A class action suit has been filed that accuses Apple's two-factor
authentication of being too disruptive to users, taking too much time
out of a user's day when it is needed, and abusive since it can't be
rolled back to a less safe login method after 14 days."
https://appleinsider.com/articles/19/02/09/apple-being-sued-because-two-factor-authentication-on-an-iphone-or-mac-takes-too-much-time

The part that is restrictive is that you're stuck with it for the rest of
your life where Apple won't give you the freedom to do what you want.

I don't know if any other ecosystem other than Apple has this huge restriction.
o Do you?
