LinkedIn password database compromised

Sean Harlow sean at seanharlow.info
Fri Jun 8 00:25:51 UTC 2012


On Jun 7, 2012, at 19:24, Randy Bush wrote:

> this is a feature, not a bug.  you should be explaining to them why they
> should never type passwords on another's keyboard, log on to anything
> from an internet cafe, ...

And this is where you lose the user.  It doesn't matter that you're entirely right about the security risks of doing so, but real-world security is all about finding a balance with usability.

Situations where the data really does need to be secure are great for mandating public key authentication; as you point out, it raises a significant technical barrier to the unskilled user, preventing them from even attempting to access it from anywhere they shouldn't.  That said, I doubt anyone but the most insane of security geeks is using it for their personal email.  If the value to the person of being able to access their data from $random_computer exceeds the perceived risk, they'll do it if they can.

---
Sean Harlow
sean at seanharlow.info




