nanog mailing list archives
Re: LinkedIn password database compromised
From: Sean Harlow <sean () seanharlow info>
Date: Thu, 7 Jun 2012 20:25:51 -0400
On Jun 7, 2012, at 19:24, Randy Bush wrote:
this is a feature, not a bug. you should be explaining to them why they should never type passwords on another's keyboard, log on to anything from an internet cafe, ...
And this is where you lose the user. It doesn't matter that you're entirely right about the security risks of doing so, but real-world security is all about finding a balance with usability. Situations where the data really does need to be secure are great for mandating public key authentication, as you point out it raises a significant technical barrier to the unskilled user preventing them from even attempting to access it from anywhere they shouldn't. That said, I doubt anyone but the most insane of security geeks are using it for their personal email. If the value to the person of being able to access their data from $random_computer exceeds the perceived risk, they'll do it if they can. --- Sean Harlow sean () seanharlow info
Current thread:
- Re: LinkedIn password database compromised, (continued)
- Re: LinkedIn password database compromised Aaron C. de Bruyn (Jun 06)
- Re: LinkedIn password database compromised Jimmy Hess (Jun 06)
- Re: LinkedIn password database compromised Aaron C. de Bruyn (Jun 06)
- Re: LinkedIn password database compromised James Snow (Jun 07)
- Re: LinkedIn password database compromised Peter Kristolaitis (Jun 07)
- Re: LinkedIn password database compromised JC Dill (Jun 07)
- Re: LinkedIn password database compromised Aaron C. de Bruyn (Jun 07)
- Re: LinkedIn password database compromised Owen DeLong (Jun 07)
- Re: LinkedIn password database compromised Mark Andrews (Jun 07)
- Re: LinkedIn password database compromised Randy Bush (Jun 07)
- Re: LinkedIn password database compromised Sean Harlow (Jun 07)
- Re: LinkedIn password database compromised Randy Bush (Jun 07)
- Re: LinkedIn password database compromised Aaron C. de Bruyn (Jun 06)
- Re: LinkedIn password database compromised Leo Bicknell (Jun 07)
- Re: LinkedIn password database compromised jeff murphy (Jun 07)
- RE: LinkedIn password database compromised Matthew Huff (Jun 07)
- Re: LinkedIn password database compromised Jared Mauch (Jun 07)
- Re: LinkedIn password database compromised Aaron C. de Bruyn (Jun 07)
- RE: LinkedIn password database compromised Bruch, Mark (Jun 07)
- Re: LinkedIn password database compromised Owen DeLong (Jun 07)
- Re: LinkedIn password database compromised Jay Mitchell (Jun 08)
- Re: LinkedIn password database compromised Marshall Eubanks (Jun 07)