[Discuss] Are passwords even long enough?

[ingegnue at riseup.net (IngeGNUe)]

On 07/06/16 23:59, Rich Pieri wrote:
> On 7/6/2016 11:04 PM, IngeGNUe wrote:
>> Yes I know I was very strong about it but that is Very rare, especially
>> if you're not downloading software from untrusted sources.
> 
> Guess again. There are 4885 known vulnerabilities (CVE numbers) in all
> versions of WordPress core, plugins and themes as of this writing:
> 
> https://wpvulndb.com/

Now, now, we're moving the goal post. First it was spyware, then it was
malware in general, and now vulnerabilities? These are all distinct
categories.

> 
> That's worse than Microsoft's track record of 4399 CVE numbers for all
> of their products since 1999:
> 
> https://www.cvedetails.com/vendor/26/Microsoft.html
> 
>> I doubt it. I don't do this. (Unless Google Apps are *by definition* a
>> federated service.)
> 
> Single sign-on is a subset of federated identity, so yes, Google's
> authentication is a federated identity service by definition.
> 

I'm having trouble understanding yet why it would be a risk for
passwords as long as the federation remains within Google Apps (Drive,
YouTube, Docs, Mail, the whole potato)