Path: ...!goblin2!goblin.stu.neva.ru!weretis.net!feeder8.news.weretis.net!feeder5.news.weretis.net!news.solani.org!.POSTED!not-for-mail From: Bernd Rose Newsgroups: news.software.readers Subject: Re: Newsreaders eh? It works!!!!!! Date: Sun, 25 Apr 2021 07:54:17 +0200 Message-ID: References: <5ifdtcfysmqe.c88u41oufaun.dlg@40tude.net> <1fevaouhkj7bx.dlg@b.rose.tmpbox.news.arcor.de> <1batsl3tlcz2g.1c3po4uxfkisw$.dlg@40tude.net> <13q2mi3vl45dn.dlg@b.rose.tmpbox.news.arcor.de> <1njp0q6xbxjv6.dlg@b.rose.tmpbox.news.arcor.de> <1ihhykus54hm.dlg@b.rose.tmpbox.news.arcor.de> <9O_gI.39682$wd1.10659@fx41.iad> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit Injection-Info: solani.org; logging-data="26958"; mail-complaints-to="abuse@news.solani.org" User-Agent: 40tude_Dialog/2.0.15.41 (f38faecb.47.374) Cancel-Lock: sha1:R4htYvHgwTrK2R+Cfi692/LoEes= X-User-ID: eJwNyUkBwDAIBEBL3GHlEAL+JbTzHdfg6GPhYb6+z9U3O2tA3EJjB8hpY7qDLUODpeAX9QY2xZQ6i8enRNdT8pb8GZST+wHbMBpC Bytes: 3936 Lines: 48 On Sat, 24th Apr 2021 16:01:14 -0400, Tekkieİ wrote: [Gravity-sTunnel-Comcast setup] > It works!!!! Exuberance is too mild of word to describe my happiness. Thanks for the feedback! :-) Btw., the working setup would have been my first suggestion, if you hadn't fooled me with your initial statement, that you already got many suggestions and none worked. Therefore, my first variant was a more exotic approach. ;-) > I admit the last go around of failure is the fact that Comcast requires me to > change my password every two weeks on this account. Not a good idea. They should know better. If people need to change their passwords frequently, they tend to use too simple ones. (Just to be able to remember them.) The passwords then are easily guessed with dictionary attacks (maybe combined with counters) and the like. Or users write the passwords down in places accessible to others. Moreover, email inboxes are usually accessed from many different places (PC, Smartphone,...). The programs used for access usually are configured to save passwords. Although saved passwords usually aren't encrypted too well on local systems (especially with older programs), frequent changes of password will provide no advantage in security. If a device is already compromised, the password change will not alter this. If not, then the situation is okay, in the first place. But with many devices, people tend to forget changing passwords. Result are frequent cases of multiple failing logins. If the provider will not go out of service in no time, he has to configure his service to react lenient on invalid logins. This is an invitation for hackers. Better would be the opposite approach: Require a long complex password, do not permit unencrypted (with secure, current methods) login and react harsh on failed login attempts. (Sufficient timeout, but not so long, that after a hacking attempt, the legitimate user can not login, either.) Provide (unerasable, nonalterable) login history on a status page for a feasible amount of time (maybe a month). And require any password change (and any other basic setup alteration, like means of contact) to be verified and confirmed across a different - secure - channel. > I forgot to change my password in Gravity... You now have proof that I am > a burnt out bulb in the chandelier. IMHO, the requirement to change mail password every two weeks is just ridiculous. Bernd