[PLUG] About password strength

Sudhanwa Jogalekar sudhanwa.com at gmail.com
Sat Dec 23 12:23:01 IST 2017


Hi,




<snipped>

Dear Arun,

<rant>

Thank you for sharing those links. I have seen these on so many Indian
sites including our own Income Tax Department (to file ITR Returns)
that it has become a joke.

There is a term called 'Security theater'
https://en.wikipedia.org/wiki/Security_theater which is apt for this
occasion.

To top it with the new Firefox release, you cannot even use addons
like Certificate Patrol to see what kinds of TLS encryption the site
https://addons.mozilla.org/en-US/firefox/addon/certificate-patrol/ . I
have seen lots of reputable sites using pretty poor ciphers for
encryption and for end-users there is no reasonable way for them to
take a call as to what's best or needs to be changed, including most
of the private and public banks.



Security is all about the risk that you can take. It has nothing much to do
with anything else.


If you are covered under some assurance/insurance from the bank or other
such authorities, you should not bother much about the criticality of the
cyphers etc.

It's your (users) call to accept the risk or not.

BTW

Even RBI uses some certificate issued by private parties. (Not Indian)

Regards
Sudhanwa




FWIW I have written to some banks whose customer I am and had been
thinking of shifting to digital platforms but haven't received any
sort of substantial answers from them.

What you have highlighted is that only 0.0001 percent fools like us
want security and are a bit paranoid like us. The rest just go about
their merry way.

I don't have solutions other than building awareness on the bottom of
the pyramid but that is kind of slow death. When people are ready to
give their fb usernames and passwords at the drop of the hat without
doing any social engineering then this feels like a long task.

</rant>

I do wish we had better ways to enhance and mass-reach on sensitive
topics like these.

--
          Regards,
          Shirish Agarwal  शिरीष अग्रवाल
  My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
EB80 462B 08E1 A0DE A73A  2C2F 9F3D C7A4 E1C4 D2D8