Re: [qubes-users] Password security/disposable vm security
Kk, thanks for all the information as long as that AppVM thing is true I'm happy enough. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f8bf2c54-a135-486b-b9f1-dd0cfd6fd896%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Password security/disposable vm security
"The protection you want is against the evil software leaking the password. A disposable VM would not help in this case as you enter the password, or you let it remember your site passwords, then it would just send it out t the evil website immediately. " Looks like the post got double posted somehow, and I'm not interested in just evil software rather good software that gets corrupted through evil input. "So make sure your software is from a trusted source." Right but even if it is trusted at one point it can become less trustworthy later(infection) so I wanted to keep it perfectly "fresh" by using disposables. "Personally, I' d avoid thunderbird and anything from mozilla, but thats just me." Do they have a bad track record(I planned on researching my apps later =p). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/474bcb69-c175-4be0-a4a5-f0191e879f43%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Password security/disposable vm security
Okay so I read all of that lol, and I understood it all but what if there was an e-mail client that used the browser method? You get logged in to all your emails without retrieving anything then switch to cookie authentication and forget the password, that way when the zero-day happens you only lose your cookie which is probably not as powerful as the actual password(ie I dont think you can change your password with just the cookie) plus the zero day can't "permanently" compromise thunderbird cause you opened it in a disposable , just only after this odd login method over and over again =p. Maybe that's overdoing it butI don't want to change my passwords ever so laziness commands me to want such a thing XD. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/08bc87f4-c999-47d0-ac60-5c1f6aa450b0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Password security/disposable vm security
So I was reading one of the guides and I came across this: "there is absolutely no point in not allowing e.g. Thunderbird to remember the password – if it got compromised it would just steal it the next time I manually enter it" So this was written 6 years ago but it's the latest one I think. Can't we just create disposable thunderbirds to protect the password? Or is disposable not true security? I mean maybe a custom thunderbird would be needed so it never used the password again/instantaneously forgets it after login >.> -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/68bba524-d934-4ca0-8935-ea4693b16fcc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Password security/disposable vm security
So I was reading one of the guides and I came across this: "there is absolutely no point in not allowing e.g. Thunderbird to remember the password – if it got compromised it would just steal it the next time I manually enter it" So this was written 6 years ago but it's the latest one I think. Can't we just create disposable thunderbirds to protect the password? Or is disposable not true security? I mean maybe a custom thunderbird would be needed so it never used the password again/instantaneously forgets it after login >.> -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7d47dce4-0225-4b96-a823-603ebc656a96%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
