security

Bypass Google Security Protections for "less secure app" login

Since July 15 2014, Google have by default disabled access by "less secure apps" to things like IMAPS.

This means running something like mbsync or getmail which only uses PLAIN or LOGIN AUTH is declared a "less secure app" and will put you into a loop of being told to log into your account via a web page to confirm the login attempt was you, force doing a very secure confirmation that it IS you, and then just throw the same damn error again.

Disable delay when incorrect password entered on login

For some odd reason, a 2 second delay is included by default when accidentally entering an incorrect username and password combination. This is meant to be a security feature to prevent evil people from brute force attacking your password!

Remove user list from Ubuntu 11.10 login screen

Edit /etc/lightdm/lightdm.conf and add the following to the existing section.

greeter-hide-users=true

It is mind blowing that these incredibly insecure options are enabled by default.

A more complete list of options is available in /usr/share/doc/lightdm/lightdm.conf.

Disable guest account on Ubuntu 11.10

Edit /etc/lightdm/lightdm.conf and add the following to the existing section.

allow-guest=false

For previous versions

Remove the user list from the Ubuntu login greeting

When starting up an Ubuntu computer, for some odd reason it decides to give away all the user logins that are available on that machine. This isn't particularly secure. Yes, these details can be obtained by directly reading the hard drive, but this is significant effort compared to simply turning it on.

To disable the user list, there doesn't seem to be a user interface switch as of Ubuntu 10.04, but there is a command line way to do it.

KeePassX - A cross-platform encrypted password safe

I have a separate username and password for every single site I visit. I do this because I own numerous domains from which I allocate a site specific email address which in turn allows me to track which website leaked or sold my email when I get a spam. Even if I didn't do this, I would still need some kind of system to keep track of the million different usernames that I've had to come up with because of my normal name being taken, or some length restriction.
