nanog mailing list archives
Re: LinkedIn password database compromised
From: "Aaron C. de Bruyn" <aaron () heyaaron com>
Date: Thu, 7 Jun 2012 09:09:44 -0700
On Thu, Jun 7, 2012 at 8:58 AM, Jared Mauch <jared () puck nether net> wrote:
I'm imagining my mother trying this, or trying to help her change it after the hard drive dies and the media in the safe deposit box doesn't read anymore.
I would think it's fairly simple. What if she forgot her existing password? Most sites have a 'reset password' link they e-mail you. A browser extension 'helper' would simply generate a new key and let you reset your password. Maybe the helper could be dumbed down enough to automatically handle the password reset screen and automatically POST the new key to the reset page. I'm sure it could be done transparently enough that our mothers wouldn't need to think twice about it. Heck--the 'helper' could probably even back up your SSH key off-site sorta like LastPass does. And if your private key is actually password protected, it's slightly less useless if the off-site backup company were compromised. The only downfall is how do you get access to your e-mail account? (Google already calls my cell and/or home phone if I request access without using my password.) I agree there are stumbling blocks, and it wouldn't be perfect--but it seems like it would be much better than the alternative we have now. People using the same password on multiple sites, passwords written down, dumb website operators not salting their hashes, etc... Also, thanks for the great secondary DNS service. ;) -A
Current thread:
- Re: LinkedIn password database compromised, (continued)
- Re: LinkedIn password database compromised Aaron C. de Bruyn (Jun 07)
- Re: LinkedIn password database compromised Owen DeLong (Jun 07)
- Re: LinkedIn password database compromised Mark Andrews (Jun 07)
- Re: LinkedIn password database compromised Randy Bush (Jun 07)
- Re: LinkedIn password database compromised Sean Harlow (Jun 07)
- Re: LinkedIn password database compromised Randy Bush (Jun 07)
- Re: LinkedIn password database compromised Leo Bicknell (Jun 07)
- Re: LinkedIn password database compromised jeff murphy (Jun 07)
- RE: LinkedIn password database compromised Matthew Huff (Jun 07)
- Re: LinkedIn password database compromised Jared Mauch (Jun 07)
- Re: LinkedIn password database compromised Aaron C. de Bruyn (Jun 07)
- RE: LinkedIn password database compromised Bruch, Mark (Jun 07)
- Re: LinkedIn password database compromised Owen DeLong (Jun 07)
- Re: LinkedIn password database compromised Jay Mitchell (Jun 08)
- Re: LinkedIn password database compromised Marshall Eubanks (Jun 07)
- Re: LinkedIn password database compromised Lynda (Jun 07)
- Re: LinkedIn password database compromised Randy Bush (Jun 07)
- Re: LinkedIn password database compromised Christopher Morrow (Jun 07)
- Re: LinkedIn password database compromised Randy Bush (Jun 07)
- Re: LinkedIn password database compromised Tei (Jun 07)
- Re: LinkedIn password database compromised Marshall Eubanks (Jun 07)