nanog mailing list archives
Re: LinkedIn password database compromised
From: Jimmy Hess <mysidia () gmail com>
Date: Wed, 6 Jun 2012 22:34:39 -0500
On 6/6/12, Aaron C. de Bruyn <aaron () heyaaron com> wrote: [snip]
One local password used everywhere that can't be compromised through website stupidity...
One local password is an excellent idea of course. "Remote servers directly handling user created credentials" should be appended to the list of the worst ideas in computer security. Which digital id architecture should web sites implement, and what's going to make them all agree on one SSO system and move from the current state to one of the possible solutions though? :) A TLS + Client-Side X.509 Certificate for every user. BrowserID OpenID Active Directory Federation Services OASIS SAML / STS + WS-Trust Shibboleth SSO CoSign SSO Facebook Connect Novell Access Manager Windows Live ID [insert a thousand of the other slightly more obscure Multi-website Single-Login systems] .... -- -JH
Current thread:
- LinkedIn password database compromised Lynda (Jun 06)
- Re: LinkedIn password database compromised Marshall Eubanks (Jun 06)
- Re: LinkedIn password database compromised Aaron C. de Bruyn (Jun 06)
- Re: LinkedIn password database compromised Jimmy Hess (Jun 06)
- Re: LinkedIn password database compromised Aaron C. de Bruyn (Jun 06)
- Re: LinkedIn password database compromised James Snow (Jun 07)
- Re: LinkedIn password database compromised Peter Kristolaitis (Jun 07)
- Re: LinkedIn password database compromised JC Dill (Jun 07)
- Re: LinkedIn password database compromised Aaron C. de Bruyn (Jun 07)
- Re: LinkedIn password database compromised Owen DeLong (Jun 07)
- Re: LinkedIn password database compromised Mark Andrews (Jun 07)
- Re: LinkedIn password database compromised Randy Bush (Jun 07)
- Re: LinkedIn password database compromised Sean Harlow (Jun 07)
- Re: LinkedIn password database compromised Randy Bush (Jun 07)
- Re: LinkedIn password database compromised Aaron C. de Bruyn (Jun 06)
- Re: LinkedIn password database compromised Marshall Eubanks (Jun 06)