[Cryptography] Security weakness in iCloud keychain

Tom Mitchell mitch at niftyegg.com
Fri May 4 17:53:53 EDT 2018


On Thu, May 3, 2018 at 11:44 PM, Jon Callas <jon at callas.org> wrote:
>> On May 2, 2018, at 11:45 AM, Ron Garret <ron at flownet.com> wrote:
>>
>> I have a “sacrificial iPod” that I don’t use for anything mission-critical
....
>> This leaves me wondering:

It is not just Apple.
Google Chromebooks depend on a Google account.
Microsoft Windows 10 depends on an email account as an ID.

The Microsoft one is a pain.  You can use any email account
and I would venture a lot of people use their ephemeral company email account.
Lose your job and you also are likely disconnected from your contact list so
necessary to get the next job today and also lose recovery options
for the laptop hardware and cloud backups.

The email string for Win10 is just an account name and very early they want to
set up MS services based on it. And the account big+bob at gmail.com ends up
being both a MS email account and a Gmail email account -- now should they
have the same password?

Each browser and OS wants to save passwords.  So on an Apple Mac there
is the machine, the cloud, the browsers, and even PGP ID data + ssh login
credentials and recovery methods.  Then there are credit cards
attached to system, machine and cloud accounts.   I like

I think I am going to head out to Walmart and purchase a $2.99 4x6
photo album and fill it with a couple photos that cover 4x6 index cards
full of manually obfuscated real passwords, URIs and accounts.

4x6 cards with India ink ;-) and a steady hand in a good lock box.

