Re: [tlug] webmail password protection?

["David J Iannucci" <jlinux@example.com>]

> How do you protect your password when checking email via an untrusted
> browser (like in an Internet cafe)?  None of the popular webmail
> solutions seem to have one time password options.

I've got a method I use that I assume is good enough for most
situations.  I have memorized a pattern of interleaving the characters
of my username and password.  E.g. if my username was "username" and my
password was "abc123", I could interleave them like this:

  usaebrc1na2m3e

When I log in, rather than typing, I copy and paste characters off the
text on the login page (to thwart keyloggers). This is quite feasible
for me since I use fastmail.fm, which has a lot of text on its login
page :-)  I make it more secure by copying strings of characters that
contain bits of the interleaved string plus other extraneous characters,
then later go back and delete the extraneous ones.  And I do this all in
a random-ish order (so in the above example I might start from "eb" and
put the "us" in after).  It's a bit hard to do random operations on the
password because you can't quite read it, being ***ed out.  It depends
how paranoid you want to be :-)

I might be very naive, but I figure this is safe enough to use almost
anywhere.  I'm not planning on trying to use this method in the lobby at
Fort Meade anytime soon :-)  I'd think someone would have to *really*
want to steal your info and be willing to spend a lot of effort to do it
in order to crack this scheme.

But I'd like to hear from anyone who thinks I've overlooked something
important.

Dave

Salt Lake City, Utah