Speaking as someone who works at a public library, I can tell you with a fair degree of confidence that if somebody installs a keylogger on a public access station, he's going to be able to collect much more compromising (to the victim) and valuable (to the miscreant) things than Perlmonks accounts. Of course, what he'll *mostly* get is a bazillion free Yahoo and Hotmail accounts, which in general are going to be worth precisely what the original owner paid for them. However, I'm confident that any Perlmonks accounts collected would be cleanly outnumbered by credit card numbers. Which do you suppose the attacker will be cheifly interested in using?

The one-time-pad idea is a good one, for situations that warrant that kind of security. I wish banks would use such a mechanism, for instance. I have doubts about the need for such a thing on Perlmonks, though, and carrying around the pad would be sufficiently inconvenient that I personally would, for something like Perlmonks, just take the risk and use my regular password. (Of course, my account doesn't have any privileges that would be really dangerous to the site, so all I'd be losing in the worst case scenario would be my own account; an account with more interesting priveleges might warrant greater care.)

Heh. It is hard to imagine that anyone would care enough to steal account information and impersonate another monk. Heck, most of the people I know start rolling their eyes whenever I start talking about PerlMonks. Of course, many of them roll their eyes whenever I talk about anything, but that is another story. :)

Not to diminish the critical nature of PerlMonks or the way that civilization hangs in the balance on our every post, but surely those running keyloggers and sniffing network traffic have better fish to fry than this? Or perhaps it has been too long since I was in school, and I've forgotten how much time one has for pranks and mischief ... ?

hmmm what if I stick a keylogger on the terminal you use in the library?

Hi.
A keyboard logger installed on a machine in the library would still be defeated by the disposable password concept.

Thanks,
~Katie.

Doesn't pudge have an option for logins on public terminals on use.perl.org?

Yes, but the underlying engines differ tremendously (use.perl.org uses Slashcode and the monastery uses Everything). Options on one don't map to the other without a lot of work.

Do not rebuke them with harsh words ... but rather lead them gently - with URLs - so that they may learn wisdom.

Provide the option for all monks to generate a relatively small list of disposable passwords (similar to a one-time pad). The monk in question would retain this list and use each password in sequential order only when logging in from a machine in a public setting. Once he/she logs out, the password that was used is invalidated thereby rendering a sniffer/keyboard logger completely ineffective.

This is not to diminish the fact that this is a hole.

Now, being nearly completely security-naive, does TLS get us anywhere?

We could always add a seperate part to the login where you pick an item (previously chosen via your preferences) from a group of items. The items would be shuffled every page load so your item would always be in different positions rendering a keylogger and sniffer ineffective. Seems pretty high security that no other websites includes banks even bother with ;) It could still be a fun side project though.

For those who can't picture it. Say we pick 10 words. Each word is displayed on the login page as a radio button. The radio buttons values are randomly picked and the correct one (associated with the correct word) is stored on the server in the user session. When the user picks one it compares there password and word with the session to see if they match. Sniffing would do no good because the values sent back and forth each time would change and have no meaning. A slightly more complex twist would be for each user to have a rule like I pick the word starting with an a, you pick the one with two ee's etc. Anyway it all seems a bit of overkill but that doesn't mean it wouldn't be a fun project! ;)

Actually, Bank of America does this as an anti-phishing measure. They have you associate some text with one of several dozen images, and then they display your text with the image before they ask for your login password. While not foolproof (for some values of 'fool') this seems to be a reasonable security measure, and it might be a fun feature to implement, even if it isn't really necessary. :)


No good deed goes unpunished. -- (attributed to) Oscar Wilde