Text 2017, 160 rader
Skriven 2005-01-17 13:51:06 av Ellen K. (1:379/45)
   Kommentar till text 2001 av Rich (1:379/45)
Ärende: Re: Usage history
=========================
From: Ellen K. <72322.enno.esspeayem.1016@compuserve.com>

On Sun, 16 Jan 2005 15:36:15 -0800, "Rich" <@> wrote in message
<41eafa3e@w3.nls.net>:

>   Yes, cc numbers were brought up earlier in one of the attempts to divert
the discussion.
>
>   You are very unusual if you have different usernames and passwords.  I fail
when I explain to people why they should do this.

Guess I've been hanging around here too long.   <ggg>

>As for usernames specifically, it is not practical as many sites use email
addresses instead usernames for sign-in and unless you want to create multiple
email accounts, which most people don't, you can only change the password.
Heck, I know people that do not realize that when signing up for site X that
requires an email address and password that the password for site X need not be
the same as the password for their email address.
>

Thankfully none of my bank, brokerage or credit card accounts fall into this
category.   I understand where the sites that do this are coming
from, i.e. an email address is guaranteed to be unique, but you are exactly
right that it ends up creating a possible security issue when a person is
signed up for multiple sites that all use the email address.

>   Your work examples though I think are examples of bad or lacking
integration.  My logon and email identifies are the same because they are the
same.  For Remote Deskop and Terminal Services, again my one identity is used.
Logging on remotely doesn't, and shouldn't, use a different identity than
logging on locally.
>

I probably didn't explain this clearly.  My work logon and my work email logon
are the same, but have different passwords.   On the pcAW on my
one work desktop that has an external IP address specifically for the purpose
of letting me in via pcAW I created a host object for myself to use to get into
the machine.   I gave this a different username and yet
another password, but once it lets me into the system I still have to log on to
my machine with my normal username and password.

>Rich
>
>
>  "Ellen K." <72322.enno.esspeayem.1016@compuserve.com> wrote in message
news:18jlu09b16c03vh74i1nv0aa30fsdt9p5i@4ax.com...
>  The reason I brought up the optional wallet service was that a couple of
>  messages upthread the discussion was about credit card numbers.
>
>  To answer your question, yes, I have a unique username and password for
>  any site where I care about the privacy and security of my information.
>  For example I have different usernames and passwords for Schwab,
>  e*Trade, the outfit that manages my company's 401(k) plan, and the
>  credit card issuer whose bills I pay online.   At work my username is
>  the same for logon and email because with Novell it has to be, but the
>  passwords are different, and both the username and password for the pcAW
>  host object on my desktop are different from the other two.
>
>  On the other hand, I don't care if my password for the NYTimes is the
>  same as my password to the LATimes.   But even that isn't the same as
>  single sign-in because there isn't a common manager that looks at what I
>  read in both places, which with single sign-in would be at least
>  theoretically possible.
>
>  On Sat, 15 Jan 2005 21:08:17 -0800, "Rich" <@> wrote in message
>  <41e9f6c1@w3.nls.net>:
>
>  >   There was an optional wallet service and you are right, this additional
optional service could not be anonymous.  You aren't comparing apples to apples
if you include the people that made a choice to use this.  Folks that wanted to
be anonymous would not choose this.
>  >
>  >   Really, this argument is silly.  I don't know you but too many people I
know use the same password on the many sites that require them to register,
whether they lie or not.  Their intent is to have something that acts like
single sign-in.   Now I'm sure the people arguing against single sign-in here
are not hypocrits and all use distinct unique usernames, email addresses,
passwords, etc for each and every account they have.  Don't you?
>  >
>  >Rich
>  >
>  >  "Ellen K." <72322.enno.esspeayem.1016@compuserve.com> wrote in message
news:ldqju0pdbclq8l54fbhi21220l86uibp28@4ax.com...
>  >  Well, if you only use Passport as a signin, yes.  But there was a piece
>  >  to it where it would know your credit card information so when you used
>  >  it to log on to a site where you wanted to buy stuff you wouldn't have
>  >  to enter the credit card information.   It would be impossible to use
>  >  that part and be anonymous.
>  >
>  >  On Mon, 10 Jan 2005 15:09:44 -0800, "Rich" <@> wrote in message
>  >  <41e30b2c@w3.nls.net>:
>  >
>  >  >   I disagree.  Passport is no less anonymous than other signin
mechanisms.  You are in control of the information you provide to create your
signin.  If you want to lie then lie.
>  >  >
>  >  >Rich
>  >  >
>  >  >  "Ellen K." <72322.enno.esspeayem.1016@compuserve.com> wrote in message
news:c5h4u0p76hl80msc3pis0v1puf9k7erkpn@4ax.com...
>  >  >  I think he wasn't addressing services claiming they don't disclose...
>  >  >  his message gave examples of people trying to be anonymous... but
>  >  >  someone trying to be anonymous wouldn't use Passport (unless they were
>  >  >  REALLY stupid) so I'm not quite following the logic either.
>  >  >
>  >  >  On Sun, 9 Jan 2005 10:04:25 -0800, "Rich" <@> wrote in message
>  >  >  <41e1720a@w3.nls.net>:
>  >  >
>  >  >  >   The fragment you chose to quote is interesting.  How many services
claim that they do not disclose info as required by law?
>  >  >  >
>  >  >  >   The rest is garbage.
>  >  >  >
>  >  >  >Rich
>  >  >  >
>  >  >  >  "Mike N." <mike@u-spam-u-die.net> wrote in message
news:e8b2u0hias1bdkdgbe34mf26snbcna0ov4@4ax.com...
>  >  >  >  On Sun, 9 Jan 2005 01:48:12 -0800, "Rich" <@> wrote:
>  >  >  >
>  >  >  >  > If you mean to question what Passport is to Microsoft you should
use Microsoft's claims about the service
>  >  >  >
>  >  >  >  http://www.passport.net/Consumer/PrivacyPolicy.asp?lc=1033
>  >  >  >
>  >  >  >  "NET Passport may disclose personal information if required to do
so by law
>  >  >  >  or in the good-faith belief that such action is necessary to: (a)
conform
>  >  >  >  to legal requirements or comply with legal process served on
Microsoft;"
>  >  >  >
>  >  >  >     This confirms the information I already had.  A single signon is
for
>  >  >  >  convenience, not security.  Sure your ISP can see what you're
doing.  They
>  >  >  >  can initiate a wiretap when served by a subpoena.  However there
are many
>  >  >  >  people for which this won't suffice -
>  >  >  >     o terrorists who jump from Cafe to Cafe.
>  >  >  >    o  commuters who use wireless internet services from Starbucks,
at work,
>  >  >  >  airports, etc.
>  >  >  >    o Those who attempt to escape identity by wardriving from open
wireless
>  >  >  >  to open wireless LAN.
>  >  >  >      Investigators would need to obtain subpoenas from thousands of
ISPs to
>  >  >  >  cover all activities of a person.   Alternatively, assuming that
.NET is in
>  >  >  >  widespread use, they would just need to subpoena Microsoft to get a
>  >  >  >  complete profile of sites where a signon was used, and the IP
>  >  >  >  address/date/time they were accessed from.
>  >  >  >
>  >  >  >     It still appears that if anyone gets your passport  login, they
can
>  >  >  >  assume your signon, just as if they are you.

--- BBBS/NT v4.01 Flag-5
 * Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)