nanog mailing list archives
Password safes &c. (was: Dear Linkedin,)
From: Andrew Sullivan <asullivan () dyn com>
Date: Fri, 8 Jun 2012 16:48:38 -0400
On Fri, Jun 08, 2012 at 01:30:42PM -0700, Michael Thomas wrote:
PS: when security is hard, people simply don't do it.
I think this is exactly right. The idea that we are going to train everyone on earth to keep eleventy billion distinct passwords in their heads -- or in a "password safe" that is either (1) under someone else's control because it's a web service or (2) inaccessible half the time because it's on their laptop and they're using their phone now and OMG -- is preposterous. (This without mentioning that they also have to remember the username that goes with it, which is _also_ variable.) We have an engineering challenge here, and the PKI we have so far doesn't work. No, I have no magic answers. I'm not that smart. Michael Thomas is still right about this. Best, A -- Andrew Sullivan Dyn Labs asullivan () dyn com
Current thread:
- Re: Dear Linkedin,, (continued)
- Re: Dear Linkedin, Paul Graydon (Jun 08)
- Re: Dear Linkedin, Michael Thomas (Jun 08)
- Re: Dear Linkedin, Paul Graydon (Jun 08)
- Re: Dear Linkedin, Michael Thomas (Jun 08)
- Re: Dear Linkedin, Michael Thomas (Jun 08)
- Re: Dear Linkedin, Alec Muffett (Jun 08)
- Re: Dear Linkedin, Michael Thomas (Jun 08)
- Re: Dear Linkedin, Alec Muffett (Jun 08)
- Re: Dear Linkedin, Owen DeLong (Jun 08)
- Re: Dear Linkedin, Joe Provo (Jun 08)
- Re: Dear Linkedin, Michael Thomas (Jun 08)
- Re: Dear Linkedin, Paul Graydon (Jun 08)
- Password safes &c. (was: Dear Linkedin,) Andrew Sullivan (Jun 08)
- Re: Password safes &c. (was: Dear Linkedin,) Tyler Haske (Jun 08)
- Re: Password safes &c. (was: Dear Linkedin,) Andrew Sullivan (Jun 08)
- Re: Password safes &c. Paul Graydon (Jun 08)
- Re: Password safes &c. (was: Dear Linkedin,) Lyndon Nerenberg (Jun 08)
- Re: Password safes &c. (was: Dear Linkedin,) Jay Ashworth (Jun 09)
- Re: Password safes &c. Paul Graydon (Jun 08)
- Re: Password safes &c. (was: Dear Linkedin,) JoeSox (Jun 08)
- Re: Dear Linkedin, Alec Muffett (Jun 08)
- Re: Dear Linkedin, Lyndon Nerenberg (Jun 08)
- Re: Dear Linkedin, Michael Thomas (Jun 08)