Mailing List Archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] webmail password protection?



On 25/01/06, Josh Glover <jmglov@example.com> wrote:
On 25/01/06, Edward Middleton <edward@example.com> wrote:

> > How do you protect your password when checking email via an untrusted
> > browser (like in an Internet cafe)?  None of the popular webmail
> > solutions seem to have one time password options.
>
> I think this goes like credit cards.  Have one you use for things that
> are a bit grey in the trust area, keep another for everything else.

To add to Edward's good idea, change the password of the "grey"
account from a trusted browser every time you have to use it in an
untrustworthy location.

Of course, that does not prevent someone from harvesting all the mail
they can grab from your untrusted account *before* you can get the
password changed back.

One-time use and block would work, then.

On a more general note, the only way to have trustworthy end-to-end comms is to have control of both ends.  For instance, even the USB key jobbies with a Linux computer in that use no software on the machine are still susceptible to keyboard cable sniffing.  So, Zaurus + wifi + e.g. IPSEC is good, and any prevention measure on an untrusted machine is not.

--
Ian.

Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links