Thread: Gregg's Nearly Interminable Adventures in Linux Land
View Single Post
Old 11-07-2017, 08:43 AM   #768
DMcCunney
New York Editor
DMcCunney ought to be getting tired of karma fortunes by now.DMcCunney ought to be getting tired of karma fortunes by now.DMcCunney ought to be getting tired of karma fortunes by now.DMcCunney ought to be getting tired of karma fortunes by now.DMcCunney ought to be getting tired of karma fortunes by now.DMcCunney ought to be getting tired of karma fortunes by now.DMcCunney ought to be getting tired of karma fortunes by now.DMcCunney ought to be getting tired of karma fortunes by now.DMcCunney ought to be getting tired of karma fortunes by now.DMcCunney ought to be getting tired of karma fortunes by now.DMcCunney ought to be getting tired of karma fortunes by now.
 
DMcCunney's Avatar
 
Posts: 6,384
Karma: 16540415
Join Date: Aug 2007
Device: PalmTX, Pocket eDGe, Alcatel Fierce 4, RCA Viking Pro 10, Nexus 7
Quote:
Originally Posted by Gregg Bell View Post
Thanks a lot for the explanation, Dennis. So I use KeePass2 for most of my passwords but I figured I was safer having my important passwords offline written down somewhere. Firefox and Chrome are always asking to store my passwords and I'm always saying no. Would it be wise to store even my important passwords in the browsers? Or maybe they'd be better off in KeePass2?
What makes you assume important passwords are safer written down on paper and not stored in your browser?

My passwords all live in Firefox, and get entered automatically when I visit sites. Sites that use passwords pretty much all use https these days. I have a couple of password manager extensions that allow me to see what the stored passwords are, and export them to a file for import elsewhere. (I do a lot of playing with custom Firefox profiles. When I spin up a new one, my existing bookmarks and passwords get imported.)

I've never used something like Keypass or LastPass because I haven't needed them. (And there are folks who are paranoid about keeping password stores in the cloud.)

There are a site or two I visit that require you to change your password periodically, and when I visit I discover my saved password no longer works, and I must request an email to reset it. Annoying, but not worth complaint.

How might my passwords be extracted from my browser? I've never heard of that occurring. Most threats use things like keystroke loggers and man-in-the-middle attacks. Keystroke loggers are like viruses - easy enough to block if you have a secure system - and man-in-the-middle attacks require the attacker to be able to read your traffic. That's what https is all about. They can't.

Quote:
Are we all vulnerable to keystroke sniffing all the time?
No. How vulnerable we are depends upon our knowledge of securing our systems, and we are when we access the Internet. The vast majority of my usage is from my desktop, at home, with a router with security enabled and software and hardware firewalls. The only way someone gets access to my data is sitting down at my desktop's keyboard. If they can do that, I have much bigger problems than password security.)

Vulnerability tends to occur if you are accessing the Internet while traveling. I seldom do, and when I do, I'm likely doing it from a hotel room. I'm not online from a bar or restaurant with free Wifi.

Quote:
I don't say anything sensitive either. I just don't want to get hacked and then have the scumbag send out spoofing or phishing emails to my friends. (Or if it was my list, 5K readers.)
Which is why you exercise proper precautions to prevent being hacked. It simply isn't a concern for me, because I use Gmail as primary email address. If I used Yahoo I'd be nervous, because they've had massive breaches. AOL got hacked in the old days, but they've tightened up since.

(Verizon is dropping their own email. They bought AOL a while back, and are advising fo0lks with verizon.net address to switch to an AOL account. They bought Yahoo, too. Whether Yahoo email will continue to exist is unclear. I personally doubt it. Why support two webmail solutions if you're Verizon?)

Quote:
I don't want a client. I used Thunderbird along time ago and didn't like it.
I've never had a problem with Thunderbird. It has quirks, but works well once you have it configured. And there are an assortment of addons for it to customize it more to your liking.

As mentioned, I don't use it for email. I could, and it does have my Gmail address configured, but that's strictly for the odd case where I might need to send email from Tbird. I almost never have to do that.

Quote:
It was just that Godaddy guy hammering me about how I needed a client.
He lied to you to sell you something.

Quote:
That's the thing. I never knew. He was just convincing me that if I had an email client I wouldn't be entering the password in the keyboard. Hence safer.
Hardly safer. Security begins with knowledge. He was able to push you on it because you lack knowledge. You need to repair that lack.

Quote:
I got Essentials because Godaddy's free email (that came with the website builder) was horrific.
And how much do you actually use GoDaddy's free email? Since you have, like, and use Gmail, what do you need GoDaddy's email for?

Quote:
And Godaddy hosts my website and their new website builder is really pretty good. And 24/7 telephone support is good. Most of the people are really good, but some are real salesmen. (I have to gear up for being sold something every time I call.)
Okay, you have a legitimate reason for using their service, and are (mostly) happy with them.
______
Dennis
DMcCunney is offline   Reply With Quote