Slashdot Mirror

← Back to Stories (view on slashdot.org)

Passwords Can Sit on Hard Disks for Years

Posted by CmdrTaco on from the my-password-is-31337 dept.

CygnusXII writes ""As people spend more time on the web and hackers become more sophisticated, the dangers of storing personal information on computers are growing by the day, security experts say. There are some obvious safeguards, such as never allowing your computer to store your passwords. But even that is no guarantee of security." "

6 of 449 comments (clear)

  1. P2P by Anonymous Coward · · Score: 5, Insightful

    It's amazing how easy it is to find people's password files shared on P2P apps like DirectConnect, Gnutella, etc. There's everything - Total Commander (FTP), WS FTP, mail clients, you just have to search for the proper file name.

  2. of course, I've used the same password for years.. by rickthewizkid · · Score: 4, Insightful

    ... and nobody's figured it out yet. I actually use several passwords, depending on the level of security. The "lowest" password, "password", is used for signing up to things like mailing lists, etc where there's little chance of me returning. The mid-level password, a pair of words with numbers in them, is used for mid-level security, such as my email, etc. The highest level password, a random collection of numbers, letters, and symbols, is used for the most secure information, such as my bank account, slashdot login and my pr0n encryption key.

    Now if I could only remember the combination to my safe.....

    Just my 46fctfj6&*23's worth....
    -Rick the WizKid
    (oooops...)

  3. all you can do is be careful by LBArrettAnderson · · Score: 3, Insightful

    There's no way to be 100% secure with passwords and the likes, but there are some things everyone should do. 1.) don't have the same password for everything! The website admins to every site you use a password for have access to it (and no one can trust a slashdot editor!). 2.) change your password often. The more often the better. This won't always work since most people, when they get a password, will do their damage immediately... but you never know. Another advantage here is OLD websites that you visitted a long time ago may change and new administrators will have access to your password.

    pretty redundant stuff, but good advice that most people are too lazy to follow.

  4. Re:Hehe by Mortoc · · Score: 5, Insightful

    The fact that a password can sit on a hard drive is really irrevelent. If someone has access to your hard drive, they might as well just set up a keylogger and wait till you access a bank account or something, that would be much easier than wading through hundreds of megabytes of swap. This security hole is almost completely irrevelent, the only time that I would worry about something like that is when throwing away a a computer (which should be recycled anyway). Someone interested enough could go through your trash, removed an old hard drive and start snooping around.

  5. Re:Rubbish! by julesh · · Score: 3, Insightful

    Operating systems such as Windows and Linux have no facility for stopping data being written to the hard drive.

    That's a flat out lie.

    $ man mlock

    MLOCK(2) Linux Programmer's Manual MLOCK(2)

    NAME

    mlock - disable paging for some parts of memory

    Indeed, and under Windows (quoted from msdn.microsoft.com):

    The VirtualLock function enables a process to lock one or more pages of committed memory into physical memory (RAM), preventing the system from swapping the pages out to the paging file.

  6. Re:No Guarantee of Security?!?! by LookSharp · · Score: 3, Insightful

    Of course, you could always use Knoppix or something similar whenever buying on-line. This would also solve the problem for the truly paranoid.

    Of course, because everyone knows that retailers all use crackerjack security and are completely impenetrable by malicious forces. :)

    (Everyone always forgets that these are two-party-- or more-- transactions.)