I have unique passwords for every site. I use a common base but have a system for the name of the site being in the pass.

Base = MyPassW0rd
Google = MyPassGoogleW0rd

I also have "throw away" and "Attached to Money" passwords. And Attached to Money is even more complex. I self-manage; I don't use a password locker. I have had trouble when sites rebrand.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Jeff Schnitzer
Sent: Monday, January 02, 2012 11:19 PM
To: [email protected]
Subject: Re: [google-appengine] Re: OT: Doing It Wrong

The flip side of this argument is that by typing in a username & password on a zillion websites, your credentials are exposed when any of those websites are compromised.

Some people argue that you should use a unique username and password on each site. Those people live in a fantasy world populated with an entirely different species of human than the one I live in. The "average internet user" uses the same password for banking as they do for their porn viewing, and it will take Maoist-style re-education camps to change that.

Nothing stops you from creating separate moogle accounts for various services, so *your* security is not compromised in any way. But taking passwords out of the hands of crappy PHP forums around the world would be a big step in making the internet as a whole more secure.

Also: Since all those services have "reset password" features associated with your email address, even having separate username/passwords for each doesn't really get you any additional security. It all comes down to securing the email address. BrowserID is rad because it's a more elegant way of handling this email address association.

Jeff

On Mon, Jan 2, 2012 at 12:31 PM, Brandon Wirtz <[email protected]> wrote:
> I don't like Browser ID, OpenID, Oauth solutions because I can put a
> form on a page that looks just like one, get your pass, and then look
> at which sites you have cookies for and instantly know which sites I
> have your User/Pass for.
>
> Unified login might be fine for protecting your Facebook... but SOME
> COMPANY I won't say who but it rhymes with Moogle. Recently unified
> my logins so where I used to have a Password for my Mail, a Password
> for my YouTube, a Password for my Adsense, and a Password for Adwords.
> Today if you hack my Plus account you could spend $100k on adwords
> against your website, making me poorer, and you richer.
>
> Unified Login is for convenience not security. You might as well
> guard your site with a note that says "do not hack me it isn't nice"
>
> -Brandon
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Jeff Schnitzer
> Sent: Monday, January 02, 2012 11:26 AM
> To: [email protected]
> Subject: Re: [google-appengine] Re: OT: Doing It Wrong
>
> On Mon, Jan 2, 2012 at 11:11 AM, Paul <[email protected]> wrote:
>> While we are at it - what would you suggest to be a most efficient
>> solution on App Engine? Is bcrypt too heavy?
>
> My advice is not to bother with all that crap. Use BrowserID anywhere
> you would use a username/pw instead.
>
> I recently replaced the local username/pw part of my dual-auth system
> (FB being the other) with BrowserID. The user experience is way
> better than any other local auth system I've seen, including ours -
> which was pretty damn nice.
>
> http://www.browserid.org/
>
> Jeff
>
> --
> You received this message because you are subscribed to the Google
> Groups "Google App Engine" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/google-appengine?hl=en.
>

--
We are the 20%
