On Mon, 2011-04-25 at 13:15 -0600, Nicholas Leippe wrote: > Correct me if I'm wrong, but if your passwordcard is stolen it yields > a rather small dictionary for an attack on your accounts. > Better than plain text, but still not very secure--enough so that I'm > not sure it's worth it.
The card is designed to thwart shoulder surfing and naive attackers. Obviously targeted theft is outside the threat model. Geez, what's so hard to grasp about "perfect is the enemy of the good"? In a perfect world we would all memorize different 20+ character randomized passwords for each service we use. Meanwhile, back in the real world... /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
