LinkedIn password database compromised

Aaron C. de Bruyn aaron at heyaaron.com
Thu Jun 7 16:09:44 UTC 2012


On Thu, Jun 7, 2012 at 8:58 AM, Jared Mauch <jared at puck.nether.net> wrote:
> I'm imagining my mother trying this, or trying to help her change it after the hard drive dies and the media in the safe deposit box doesn't read anymore.

I would think it's fairly simple.
What if she forgot her existing password?  Most sites have a 'reset
password' link they e-mail you.
A browser extension 'helper' would simply generate a new key and let
you reset your password.  Maybe the helper could be dumbed down enough
to automatically handle the password reset screen and automatically
POST the new key to the reset page.

I'm sure it could be done transparently enough that our mothers
wouldn't need to think twice about it.

Heck--the 'helper' could probably even back up your SSH key off-site
sorta like LastPass does.  And if your private key is actually
password protected, it's slightly less useless if the off-site backup
company were compromised.

The only downfall is how do you get access to your e-mail account?
(Google already calls my cell and/or home phone if I request access
without using my password.)

I agree there are stumbling blocks, and it wouldn't be perfect--but it
seems like it would be much better than the alternative we have now.
People using the same password on multiple sites, passwords written
down, dumb website operators not salting their hashes, etc...

Also, thanks for the great secondary DNS service.  ;)

-A
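
The key-based login, reset and off-site backup idea sketched in this message, as an added example that is not part of the original e-mail: the site stores only a public key, a reset replaces that key, and the backed-up private key is passphrase-encrypted. All function names, the in-memory account store and the choice of Ed25519 through Node's built-in crypto module are assumptions, and the e-mail confirmation step of a reset is assumed to have already happened.

```javascript
// Added illustration; every name here is hypothetical.
const nodeCrypto = require('node:crypto');

// Site side: only public keys are stored, so a leaked account table
// holds no password hashes to crack.
const accounts = new Map();

// Helper side: generate a fresh key pair for one site.
function newKey() {
  return nodeCrypto.generateKeyPairSync('ed25519');
}

// Registration and "password reset" are the same operation: the site
// replaces the stored public key (e-mail confirmation assumed done).
function registerKey(user, publicKey) {
  accounts.set(user, publicKey.export({ type: 'spki', format: 'pem' }));
}

// Login: the site issues a random challenge, the helper signs it, and the
// site verifies the signature against the stored public key.
function login(user, privateKey) {
  const stored = accounts.get(user);
  if (stored === undefined) return false;
  const challenge = nodeCrypto.randomBytes(32);
  const signature = nodeCrypto.sign(null, challenge, privateKey);
  return nodeCrypto.verify(null, challenge, stored, signature);
}

// Off-site backup: export the private key encrypted under a passphrase,
// so the backup provider only ever holds ciphertext.
function backupKey(privateKey, passphrase) {
  return privateKey.export({
    type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase,
  });
}

// Restore on a new machine; returns null when the passphrase is wrong.
function restoreKey(pem, passphrase) {
  try {
    return nodeCrypto.createPrivateKey({ key: pem, format: 'pem', passphrase });
  } catch (err) {
    return null;
  }
}
```

A stolen backup can still be attacked by offline passphrase guessing, so the protection is only as strong as the passphrase chosen.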



