[Tfug] Why would *anyone* leave a door open?
Bexley Hall
bexley401 at yahoo.com
Fri Aug 28 18:15:34 MST 2009
> >I have probably a dozen machines that I use on a regular basis.
> >That doesn't count other online accounts, etc. (note that I
> >have *no* online banking, credit card, utility, etc. accounts
> >which would only add to the number of "secrets") I don't have
> >duplicate passwords. All of them contain nonalphanumeric
> >characters, etc. And none are "written down". Great! *But*,
> >relying on brute force memory means I simply can't afford to
> >change them often! So, regardless of how many of the "right"
> >things I do, I can't do *all* of them (without resorting to
> >pen and paper, etc.)
>
> I'm not nearly as secure or methodical about my passwords
> as that... though I suppose I should try a little harder.
But it's a losing battle! Each new account means yet another
password (or three!). E.g., I only remember root passwords on
my machines. Too damn hard to remember regular accounts!
Instead, I login as toor and su to the "user du jour".
> Still, I tend to have lots of Net accounts spread all over
> the place for various functions. Even when using duplicate
> passwords (sometimes), one of my biggest problems is
> remembering just what the hell my user name is on system/site X.
> The bigger the Net, the larger the number of sites and users,
> the bigger the problem of getting something unique that *you*
> want (because you'll be more likely to remember it).
Yup. I think it helps if your name is Mxlpxt! ;-)
In some cases, I rely on names/words that are tied to bits of
my past/present/future. In other cases, just random sequences
of characters. <shrug> It's no harder to remember than
an equally obscure sequence of characters for a password. :<
> So, I've finally resorted to storing all this critical
> information in a text file on my file server.
<grin> I did that on the first time-sharing system that
I used -- but, never "saved" it "on line". Instead, I
typed it in and then "listed" the file with the paper
tape punch turned on ;-) Then, deleted the file.
This was handy as it rendered the list virtually unreadable
to anyone but a geek. And, typically required that geek to have
access to a teletype to decode the list (unless you used a
"pocket decoder").
Unfortunately, even coiled up nice and tight, it was still
like carrying a marble around all the time :<
> But... I keep my home directory on an encrypted filesystem
> with a lengthy and unique passphrase. That means that every
> time the machine boots it is unaccessible until I log in,
> become root, and run my mount script which does all the setup
> and unlocks/mounts the thing.
>
> I find this to be a useful setup. I can keep all my
> important data on the encrypted filesystem and be relatively
> sure about its safety. Having only my home directory encrypted
> also means that the machine can boot on its own (unlike my
> laptop which is fully encrypted and needs the passphrase just
> to boot). Useful for when I need to remotely reboot it.
Why not keep it on your PDA? And just configure it
not to be "backed up" when you resync with your machine?
> Of course, I typically keep the thing unlocked and mounted
> the whole time the machine is on, so if somebody was able to
> break in via the Net they could get it. But it's plenty
> sufficient for somebody with physical access.