[153530] in North American Network Operators' Group
Re: LinkedIn password database compromised
daemon@ATHENA.MIT.EDU (Sean Harlow)
Thu Jun 7 20:26:29 2012
From: Sean Harlow <sean@seanharlow.info>
In-Reply-To: <m27gvin1t0.wl%randy@psg.com>
Date: Thu, 7 Jun 2012 20:25:51 -0400
To: Randy Bush <randy@psg.com>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jun 7, 2012, at 19:24, Randy Bush wrote:
> this is a feature, not a bug. you should be explaining to them why they
> should never type passwords on another's keyboard, log on to anything
> from an internet cafe, ...
And this is where you lose the user. It doesn't matter that you're entirely right about the security risks of doing so, but real-world security is all about finding a balance with usability.

Situations where the data really does need to be secure are great for mandating public key authentication, as you point out it raises a significant technical barrier to the unskilled user preventing them from even attempting to access it from anywhere they shouldn't. That said, I doubt anyone but the most insane of security geeks are using it for their personal email. If the value to the person of being able to access their data from $random_computer exceeds the perceived risk, they'll do it if they can.
---
Sean Harlow
sean@seanharlow.info