On Wed, Jul 27, 2022 at 7:37 PM Tim via users <users@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
Tim:
>> Of course you get banks that only let you set an 8-character
>> password, all in the name of security.
I've avoided using online bank accounts. When I complain
about a withdrawal I didn't make, banks say you must have
given your password to someone. I can reply that I don't use
online banking and don't have a password to give away. The
downside is that I'm sometimes told I don't exist.
There's an awful lot of things that want you to login these days,
things that really don't need to know who you are. In the past they
usedo say login using your Hotmail address and password, now it's
gmail, and people stupidly do. They give it the password for their
email address, instead of setting a password for that service. And
then they get owned, either because that site set out to harvest their
credentials, or is an easily hacked site that gets them stolen from it.
Passwords I used decades ago on vendor sites started appearing on
darkweb lists after the vendors either went out of business or were
bought by unreliable new owners. I assume passwords make it the
dark web when bad actors hack the vendors systems or buy systems
at bankruptcy auctions.
There have been some useful studies comparing different password
policies. Very long plain text passphrases without time limits are now
recommended over shorter passwords that expire every month or two.
I have two-factor authentication enabled wherever it is available, and
have been told that real-two factor auth is coming for my bank.
George N. White III
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure