nanog mailing list archives

Re: LinkedIn password database compromised


From: Sean Harlow <sean () seanharlow info>
Date: Thu, 7 Jun 2012 20:25:51 -0400

On Jun 7, 2012, at 19:24, Randy Bush wrote:

> this is a feature, not a bug.  you should be explaining to them why they
> should never type passwords on another's keyboard, log on to anything
> from an internet cafe, ...

And this is where you lose the user.  It doesn't matter that you're entirely right about the security risks of doing so, but real-world security is all about finding a balance with usability.

Situations where the data really does need to be secure are great for mandating public key authentication; as you point out, it raises a significant technical barrier to the unskilled user, preventing them from even attempting to access it from anywhere they shouldn't.  That said, I doubt anyone but the most insane of security geeks is using it for their personal email.  If the value to the person of being able to access their data from $random_computer exceeds the perceived risk, they'll do it if they can.

---
Sean Harlow
sean () seanharlow info


