Re: Newsreaders eh? It works!!!!!!

Liste des GroupesRevenir à ns readers 
Sujet : Re: Newsreaders eh? It works!!!!!!
De : b.rose.tmpbox (at) *nospam* arcor.de (Bernd Rose)
Groupes : news.software.readers
Date : 25. Apr 2021, 07:54:17
Message-ID : <r91xi9hu1tf4.dlg@b.rose.tmpbox.news.arcor.de>
References : 1 2 3 4 5 6 7 8 9 10 11 12 13 14
User-Agent : 40tude_Dialog/2.0.15.41 (f38faecb.47.374)
On Sat, 24th Apr 2021 16:01:14 -0400, Tekkie© wrote:

[Gravity-sTunnel-Comcast setup]
It works!!!!  Exuberance is too mild of word to describe my happiness.

Thanks for the feedback!  :-)

Btw., the working setup would have been my first suggestion, if you hadn't
fooled me with your initial statement, that you already got many suggestions
and none worked. Therefore, my first variant was a more exotic approach. ;-)

I admit the last go around of failure is the fact that Comcast requires me to
change my password every two weeks on this account.

Not a good idea. They should know better. If people need to change their
passwords frequently, they tend to use too simple ones. (Just to be able
to remember them.) The passwords then are easily guessed with dictionary
attacks (maybe combined with counters) and the like. Or users write the
passwords down in places accessible to others.

Moreover, email inboxes are usually accessed from many different places
(PC, Smartphone,...). The programs used for access usually are configured
to save passwords. Although saved passwords usually aren't encrypted too
well on local systems (especially with older programs), frequent changes
of password will provide no advantage in security. If a device is already
compromised, the password change will not alter this. If not, then the
situation is okay, in the first place.

But with many devices, people tend to forget changing passwords. Result
are frequent cases of multiple failing logins. If the provider will not
go out of service in no time, he has to configure his service to react
lenient on invalid logins. This is an invitation for hackers.

Better would be the opposite approach: Require a long complex password,
do not permit unencrypted (with secure, current methods) login and react
harsh on failed login attempts. (Sufficient timeout, but not so long,
that after a hacking attempt, the legitimate user can not login, either.)
Provide (unerasable, nonalterable) login history on a status page for
a feasible amount of time (maybe a month). And require any password
change (and any other basic setup alteration, like means of contact) to
be verified and confirmed across a different - secure - channel.

I forgot to change my password in Gravity... You now have proof that I am
a burnt out bulb in the chandelier.

IMHO, the requirement to change mail password every two weeks is just
ridiculous.

Bernd

Date Sujet#  Auteur
01.01 o 

Haut de la page

Les messages affichés proviennent d'usenet.

NewsPortal