Re[2]: [Nolug] Email passwords are.. special?

From: Dustin Puryear <dustin_at_puryear-it.com>
Date: Wed, 14 Feb 2007 13:34:19 -0600
Message-ID: <150627457.20070214133419@puryear-it.com>

To me this isn't even a Windows issue. If you set up your cell or PDA
to collect your mail via whatever, then your mobile device almost
definitely has a weakly protected password in there.

Someone made a comment about two-factor authentication for the
paranoid, and I can't really think of many alternatives. Right now I
only see:

1. Ignore the risk
2. Use separate email accounts
3. Use two-factor authentication for external access
4. Don't allow any external email access

---
Puryear Information Technology, LLC
Baton Rouge, LA * 225-706-8414
http://www.puryear-it.com
Author:
  "Best Practices for Managing Linux and UNIX Servers"
  "Spam Fighting and Email Security in the 21st Century"
Download your free copies:
  http://www.puryear-it.com/publications.htm

Wednesday, February 14, 2007, 1:24:03 PM, you wrote:
> On 2/14/07, Dustin Puryear <dustin@puryear-it.com> wrote:
>> So, there is always this conflict over whether accounts for email
>> (POP3, IMAP) should be tied to your normal account. In most
>> situations, companies are trying to consolidate accounts. And
>> companies with directories (be it LDAP or AD) definitely see this
>> trend continuing. Yet, there is the risk that a compromised email
>> password will then compromise the network.
> <snip>
> This issue scares me, no doubt. Personally I keep a separate username
> for all my shell work, and at times I've tried to force clued users on
> my boxen to use a reduced-privilege account for their plain-text
> transfers, but found that it rarely gets enforced. I use POP3, by the
> way, and occasionally have need of FTP for my clients.
> Single-sign-on is great, I can really see how that can make life much
> easier in the enterprise, but like I said, that scares me. You can
> trumpet SSL all you want, but when you add Windows boxen to the mix,
> all bets are off IMHO when it comes to security. If you keep
> everything behind firewalls, I'm not as concerned, but the moment you
> have people typing their LAN password into a form on a public website,
> I get very nervous.
___________________
Nolug mailing list
nolug@nolug.org
Received on 02/14/07