On Wed, Jul 27, 2022 at 7:37 PM Tim via users <users@lists.fedoraproject.org> wrote:
> Tim: > >> Of course you get banks that only let you set an 8-character > >> password, all in the name of security. > I've avoided using online bank accounts. When I complain about a withdrawal I didn't make, banks say you must have given your password to someone. I can reply that I don't use online banking and don't have a password to give away. The downside is that I'm sometimes told I don't exist. > There's an awful lot of things that want you to login these days, > things that really don't need to know who you are. In the past they > usedo say login using your Hotmail address and password, now it's > gmail, and people stupidly do. They give it the password for their > email address, instead of setting a password for that service. And > then they get owned, either because that site set out to harvest their > credentials, or is an easily hacked site that gets them stolen from it. > Passwords I used decades ago on vendor sites started appearing on darkweb lists after the vendors either went out of business or were bought by unreliable new owners. I assume passwords make it the dark web when bad actors hack the vendors systems or buy systems at bankruptcy auctions. There have been some useful studies comparing different password policies. Very long plain text passphrases without time limits are now recommended over shorter passwords that expire every month or two. I have two-factor authentication enabled wherever it is available, and have been told that real-two factor auth is coming for my bank. -- George N. White III
_______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
