Comments on: Email Best Practice #5

By: Antione Fuhriman

Antione Fuhriman — Fri, 15 Jul 2011 13:37:18 +0000

I think this is one of the most important information for me. And i am glad reading your article. But should remark on few general things, The site style is wonderful, the articles is really great : D. Good job, cheers

By: G.Chomic

G.Chomic — Fri, 10 Apr 2009 02:06:37 +0000

@keyur

There is actually a bit danger to that method, especially with doc files but also with txt files. Typing a password in a non-secure storage space – be it a txt file, or a doc file, or anywhere but an input box – leads to the storage of that file in various areas in the memory. Nominally, that’s “fine” – it potentially puts passwords in non-priviledged non-permament storage. However, two caveats:

a) Many applications make temp files in case you perform an ‘oops’. Word does, if you’ve saved it at one point. One of my two preferred text editors, gVim, does even if you haven’t, IIRC. You close it ungracefully, and *poof* your password is on your hard drive forever.

b) User patterns. You use the method just described, and invariably you will open that txt file and leave it there for awhile. If you’re like most users, you will then do this often. You might even make it permanent – a big security no-no. Let’s say you’re more intelligent than that – but you do hibernate your laptop from time to time. Now the entire contents of your memory are on your hard drive, including your password. For quite some time.

Generally, though, I feel the big risk is anything that leads users to storing passwords in a desktop client or file. Users will take that practice too far.

Instead, use a program like KeePass or KeePassX (Linux version.) Stores encrypted, doubleclick the password to copy to your clipboard, paste it and your clipboard clears in 10 seconds automagically.

By: Nirav Ajmeri

Nirav Ajmeri — Tue, 07 Apr 2009 15:13:48 +0000

The reason of doing some twists is certain keyloggers also store the handles of window where the password was typed. So its always safe to key-in certain characters via keyboard and then use mouse to change the cursor location and key-in the other characters.

By: H

Tue, 07 Apr 2009 09:59:16 +0000

I think thats also an option, but given the fact that the keylogger would ideally also capture applications that you open and the keys you press – like ctrl-c and ctrl-v it would be easy for someone to make out that you typed your password and pasted it. However, if you type a lot of garbled text along with the password, and then select the password within lines of text, and paste it, it would be much more safe.

By: keyur

keyur — Tue, 07 Apr 2009 09:07:19 +0000

you can do also this thing
- type your password in other file like .txt or .doc, etc…
- then copy that password and paste into paste password field…

i think there is no problem in this method…