BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] Are passwords even long enough?
- Subject: [Discuss] Are passwords even long enough?
- From: ingegnue at riseup.net (IngeGNUe)
- Date: Fri, 8 Jul 2016 13:56:47 -0400
- In-reply-to: <779fd002-1a0b-b925-1734-3311931b61c9@gmail.com>
- References: <da2a3b17-dacb-fe11-aeb3-9622103ddc5a@riseup.net> <c8758c88-6482-92e5-58e0-d379b6794b14@borg.org> <43abc9bc-4b74-65cd-2d2b-5cdf3dc891d0@riseup.net> <bcde90e5-06b3-5413-5101-39be3ea1d866@gmail.com> <6979f7dc-ebe7-1930-3075-5df4b72631ee@riseup.net> <e96a001a-3503-a9c2-c06f-69fb7d94a6d5@gmail.com> <a64384cd-0d87-3c1b-540a-19a52706d7a5@riseup.net> <5291960d-7318-d847-c02e-d3c8f11c0781@gmail.com> <1c0c38b0-e46f-11a4-ed0b-75e9e1b33814@riseup.net> <779fd002-1a0b-b925-1734-3311931b61c9@gmail.com>
On 07/07/16 23:01, Rich Pieri wrote: > On 7/7/2016 8:07 PM, IngeGNUe wrote: >> But that means you're considering whether one of Google's sites are >> compromised, which is something I thought we had written off as >> improbable. It's not like I'm using a Google account to log in to a >> Bookface.net website or whatever. > > Comodo issuing fraudulent Google certificates qualifies as "Google's > sites are compromised". OK, now we're on the same page. Yes, I agree. > > >> Or does Google rely on some other site to host, for example, YouTube? >> Are you saying that their whole one-google-account-for-all-google-sites >> is bad security? Because, that's what Google Apps (not talking about >> Android) is. > > It's a truism that password reuse is a problem. If you reuse passwords > then compromise of one server/service means compromise of many > servers/services. > > Single sign on subsumes one password for many servers/services. > > Therefore yes, what Google Apps does is bad security. Gotcha. > > >> Alright, but that's the whole using a Google Account to log in to >> Headdesk.com. I mean, if there's a federated login service for Google >> Accounts, this is the first I've heard of it / I've never heard of it. > > Google, Facebook, Microsoft and Yahoo all provide federated identity > services for third parties. Others do, too, but those are probably the > biggest names globally. > > Now you've heard of it. > > >> Another thing, related to endpoint security, is the mail client. They >> say it's good enough to have SSL with POP/IMAP but then again, I don't >> have much faith in the way SSL is implemented. Then again, I don't know >> how much faith I *should* have in it. > > None. > I strongly agree. People tend to avoid blaming large corporations and err on the side of but I agree, I don't feel secure using SSL with all the ways to break it AND the badly architectured chain of trust. Not that it's the same as plain text data, but it's not nearly as good as it was supposed to be.
- Follow-Ups:
- [Discuss] Are passwords even long enough?
- From: richard.pieri at gmail.com (Rich Pieri)
- [Discuss] Are passwords even long enough?
- References:
- [Discuss] Are passwords even long enough?
- From: ingegnue at riseup.net (IngeGNUe)
- [Discuss] Are passwords even long enough?
- From: kentborg at borg.org (Kent Borg)
- [Discuss] Are passwords even long enough?
- From: ingegnue at riseup.net (IngeGNUe)
- [Discuss] Are passwords even long enough?
- From: richard.pieri at gmail.com (Rich Pieri)
- [Discuss] Are passwords even long enough?
- From: ingegnue at riseup.net (IngeGNUe)
- [Discuss] Are passwords even long enough?
- From: richard.pieri at gmail.com (Rich Pieri)
- [Discuss] Are passwords even long enough?
- From: ingegnue at riseup.net (IngeGNUe)
- [Discuss] Are passwords even long enough?
- From: richard.pieri at gmail.com (Rich Pieri)
- [Discuss] Are passwords even long enough?
- From: ingegnue at riseup.net (IngeGNUe)
- [Discuss] Are passwords even long enough?
- From: richard.pieri at gmail.com (Rich Pieri)
- [Discuss] Are passwords even long enough?
- Prev by Date: [Discuss] Are passwords even long enough?
- Next by Date: [Discuss] Are passwords even long enough?
- Previous by thread: [Discuss] Are passwords even long enough?
- Next by thread: [Discuss] Are passwords even long enough?
- Index(es):