Ridding myself of root passwords?

Daniel Fussell dfussell at byu.edu
Thu Feb 6 15:12:52 MST 2014


On 02/06/2014 02:22 PM, S. Dale Morrey wrote:
> At some point you have to say enough is
> enough, I need usability.  The best security I can offer for my valuables
> is a bank vault, but then again a court order (or even someone flashing a
> badge legitimate or not) can cause the bank to cough that up, so is it
> really any more secure?

I don't want to start another leg of this discussion, but I would like
to point out that banks are not secure.  A lot of money is spent on
doors that will only unlock once a day, have air vents and maybe food
and water in case someone gets locked in.  But the truth of the matter
is, rarely does someone consider the security of the wall.  For the most
part that's ok; out of sight out of mind, nobody notices the wall. 
Until someone backs a van through through it.

Some banks will put money into the wall strength.  A lot of banks are
just branch locations retrofitted from a standard business building. 
The vault door is there to deter the casual bank robber, and mostly
night-time, front-door break-ins.  If someone walks in with a gun in the
day light, the door is already open, and everyone is instructed not to
be a hero in this situation.  Nobody is going to close the door.  As you
say, that's what insurance is for.  There are locks on individual safety
deposit boxes, but a bank robber would have to drill them out.  If they
don't already know which box and what they are looking for, they have a
limited window in which to find something they might want and get out. 
Roughly about 5-10 minutes.  And frankly, a good portion of the things
stored in a safety deposit box are documents, not valuables.  They are
often stored there for fire protection, keeping a will from disappearing
from the family filing cabinet, etc.

Most bank robbers are aware of these facts, which is why they don't go
for the vault.  They go for a teller, an ATM, your online banking
credentials, your reputation and credit, and your bitcoin stash.  All of
which are safer for them, less likely to get multiple jurisdictions
working together to find you, and the insurance company covers the loss
anyway (unless you suffered the loss directly, then you just get a years
worth of credit monitoring, i.e. Target).  An attacker only gets caught
if their operation becomes big enough that a card network or insurance
company takes notice.

;-Daniel


More information about the PLUG mailing list