[Clips] Bypassing the Password Prompt
R.A. Hettinga
rah at shipwright.com
Mon Oct 17 20:03:51 EDT 2005
--- begin forwarded text
Delivered-To: clips at philodox.com
Date: Mon, 17 Oct 2005 20:02:26 -0400
To: Philodox Clips List <clips at philodox.com>
From: "R.A. Hettinga" <rah at shipwright.com>
Subject: [Clips] Bypassing the Password Prompt
Reply-To: rah at philodox.com
Sender: clips-bounces at philodox.com
<http://www.washingtonpost.com/wp-dyn/content/article/2005/10/15/AR2005101500178_pf.html>
The Washington Post
washingtonpost.com
Bypassing the Password Prompt
By Mike Musgrove
Washington Post Staff Writer
Sunday, October 16, 2005; F07
So many passwords, so little memory. In a digital era where everybody can
access everything from bank information to vacation photos online,
passwords are everywhere and many folks in the plugged-in world are finding
they have more than they can remember.
Password-management software, designed to give people a safe place to stash
all those secret codes, has become a mini-industry unto itself. For Mac
users, Apple has even built a password-stashing program, called Keychain,
into the operating system.
Security expert Bruce Schneier, the author of a free program for Windows
users, got so tired of having to keep a lot of seldom-used passwords in his
head that he designed a digital-locker program that he gives away at his
security-focused blog, http://www.schneier.com/ .
Schneier says his program, which is basically a notepad locked under its
own password, uses "military-level" encryption. "Basically, the idea is
that you could hand this file to your worst enemy, and he still couldn't
get to your passwords," he said.
Just don't come complaining to him if you forget the password that you use
to open the program because he has no way to access it.
Schneier's program requires users to copy and paste their password from his
program to any password-protected application or Web site. For users
looking to reclaim a few more precious seconds from their daily Web
routine, there's another program that makes things even a little easier.
A security widget from Siber Systems Inc., a small software company in
Fairfax, automates the process of logging on to password-protected Web
sites. Click on your "Hotmail" entry in the program, for example, and
RoboForm will automatically enter your information and log you in to the
Web-based e-mail program. If you like, the program will even randomly
generate a password for you, all the better for protecting that valuable
info locked up at your online stock account.
Siber Systems marketing executive Bill Carey says that the program, which
will also stash your credit card information and fill it out when you make
purchases online, has been downloaded 6 million times since its launch in
2001. The company offers a free trial version of the software at
http://www.roboform.com/ ; the full version costs $29.95.
Sometimes Web users can circumvent the process of having to use a password
at all. For Web surfers who don't want to register at pesky news sites that
want your e-mail address and demographic information, one site,
http://www.bugmenot.com , is a clearinghouse for bogus accounts. It'll set
you up with cheeky fake names and passwords -- like "noinfo1 at fromme.com"
and "death_to_logons" -- that already work on the site you're trying to
access.
Though Bugmenot.com is primarily a handy way to avoid registering at a news
site -- the site lists washingtonpost.com as an offender -- it also pitches
itself as a social movement for those who find it annoying that such Web
sites ask for personal information. The site has a petition online, a
protest "to demonstrate the pointless nature of forced Web site
registration schemes and the dubious demographic data they collect."
By signing the petition, Bugmenot.com users vow to create a fake account at
one of the "top ten offending sites" on Nov. 13, which the site dubs
"Internet Advertiser Wakeup Day."
--
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
_______________________________________________
Clips mailing list
Clips at philodox.com
http://www.philodox.com/mailman/listinfo/clips
--- end forwarded text
--
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list