Talk:1200: Authorization

Explain xkcd: It's 'cause you're dumb.
Jump to: navigation, search

This is the reason that I set sudo to not prompt for a password. I just make sure my computer locks itself aggressively. 06:59, 17 April 2013 (UTC)

The admin account should still be guarded EXACTLY for the ability to install drivers. The driver you don't want to have installed is keylogger stealing your passwords. I mean, you don't have your bank password remembered in browser, do you? Still, auto-logout or auto-lock is important feature. You should also set-up and use separate account for high-risk activities (like opening emails from unknown persons promising naked celebrities ... ok, you actually shouldn't be opening such emails at all, but if you are really curious ...). -- Hkmaly (talk) 09:06, 17 April 2013 (UTC)

Even if you can log into your bank account, you could not transfer money without authorizing transactions. BKA (talk) 11:23, 17 April 2013 (UTC)
My bank account website logs me out if I'm inactive for 10 minutes. It doesn't even leave the page up, it switches to a login screen. 14:35, 17 April 2013 (UTC)
I wonder how useful a keylogger would be if you never typed a username or e-mail to go with the password. Every important account I have has that remembered, and I just type the password. It sounds like it would be zero context. 15:09, 17 April 2013 (UTC)
Except usernames tend to be reasonably easy to figure. E-mails certainly are what with folks tending to broadcast their e-mail addresses to everyone. So passwords, although also often not overly difficult to crack (, remain the part not generally known. Not worrying about a keylogger picking up a password, even "out of context" would be a mistake. 17:11, 17 April 2013 (UTC)
Also, modern keyloggers (despite still being called keyloggers) also capture screen and mouse movement. They are perfectly able to record a password entered by clicking on keyboard on screen and many other ideas tried to complicate keylogging. -- Hkmaly (talk) 22:48, 17 April 2013 (UTC)

Actually, for many years popular operating systems such as MS Windows did *not* have separate security for system administration, which made it very popular for the propagation of viruses and other malware. And once it was introduced, it wasn't enforced for many years. Only relatively recently this is happening, and still viruses, trojan horses and botnets thrive, because it is slightly inconvenient for the user to act safe(r). 13:13, 19 April 2013 (UTC)

Not agree with Randall on this one. Laptop stealing is very physical, there are way to keep people from physically able to use our active login session, such as make sure the laptop is physically secured when possible, make sure the screen locked out when we are away (we can automate that using bluetooth detection), etc. Root password protect another kind of attack, generally more clandestine one, such as trojan and rootkit installations, which can be more dangerous as we may not be aware it is there. Arifsaha (talk) 17:06, 6 May 2013 (UTC)