[Clips] Bypassing the Password Prompt

R.A. Hettinga rah at shipwright.com
Mon Oct 17 20:03:51 EDT 2005


--- begin forwarded text


 Delivered-To: clips at philodox.com
 Date: Mon, 17 Oct 2005 20:02:26 -0400
 To: Philodox Clips List <clips at philodox.com>
 From: "R.A. Hettinga" <rah at shipwright.com>
 Subject: [Clips] Bypassing the Password Prompt
 Reply-To: rah at philodox.com
 Sender: clips-bounces at philodox.com

 <http://www.washingtonpost.com/wp-dyn/content/article/2005/10/15/AR2005101500178_pf.html>

 The Washington Post

 washingtonpost.com
 Bypassing the Password Prompt

 By Mike Musgrove
 Washington Post Staff Writer
 Sunday, October 16, 2005; F07

 So many passwords, so little memory. In a digital era where everybody can
 access everything from bank information to vacation photos online,
 passwords are everywhere and many folks in the plugged-in world are finding
 they have more than they can remember.

 Password-management software, designed to give people a safe place to stash
 all those secret codes, has become a mini-industry unto itself. For Mac
 users, Apple has even built a password-stashing program, called Keychain,
 into the operating system.

 Security expert Bruce Schneier, the author of a free program for Windows
 users, got so tired of having to keep a lot of seldom-used passwords in his
 head that he designed a digital-locker program that he gives away at his
 security-focused blog, http://www.schneier.com/ .

 Schneier says his program, which is basically a notepad locked under its
 own password, uses "military-level" encryption. "Basically, the idea is
 that you could hand this file to your worst enemy, and he still couldn't
 get to your passwords," he said.

 Just don't come complaining to him if you forget the password that you use
 to open the program because he has no way to access it.

 Schneier's program requires users to copy and paste their password from his
 program to any password-protected application or Web site. For users
 looking to reclaim a few more precious seconds from their daily Web
 routine, there's another program that makes things even a little easier.

 A security widget from Siber Systems Inc., a small software company in
 Fairfax, automates the process of logging on to password-protected Web
 sites. Click on your "Hotmail" entry in the program, for example, and
 RoboForm will automatically enter your information and log you in to the
 Web-based e-mail program. If you like, the program will even randomly
 generate a password for you, all the better for protecting that valuable
 info locked up at your online stock account.

 Siber Systems marketing executive Bill Carey says that the program, which
 will also stash your credit card information and fill it out when you make
 purchases online, has been downloaded 6 million times since its launch in
 2001. The company offers a free trial version of the software at
 http://www.roboform.com/ ; the full version costs $29.95.

 Sometimes Web users can circumvent the process of having to use a password
 at all. For Web surfers who don't want to register at pesky news sites that
 want your e-mail address and demographic information, one site,
 http://www.bugmenot.com , is a clearinghouse for bogus accounts. It'll set
 you up with cheeky fake names and passwords -- like "noinfo1 at fromme.com"
 and "death_to_logons" -- that already work on the site you're trying to
 access.

 Though Bugmenot.com is primarily a handy way to avoid registering at a news
 site -- the site lists washingtonpost.com as an offender -- it also pitches
 itself as a social movement for those who find it annoying that such Web
 sites ask for personal information. The site has a petition online, a
 protest "to demonstrate the pointless nature of forced Web site
 registration schemes and the dubious demographic data they collect."

 By signing the petition, Bugmenot.com users vow to create a fake account at
 one of the "top ten offending sites" on Nov. 13, which the site dubs
 "Internet Advertiser Wakeup Day."

 --
 -----------------
 R. A. Hettinga <mailto: rah at ibuc.com>
 The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
 44 Farquhar Street, Boston, MA 02131 USA
 "... however it may deserve respect for its usefulness and antiquity,
 [predicting the end of the world] has not been found agreeable to
 experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

--- end forwarded text

