8 million leaked passwords connected to LinkedIn, dating website (ars technica)

Posted Jun 8, 2012 22:03 UTC (Fri) by paulj (subscriber, #341)
In reply to: 8 million leaked passwords connected to LinkedIn, dating website (ars technica) by dlang
Parent article: 8 million leaked passwords connected to LinkedIn, dating website (ars technica)

Browsers can be configured to store passwords on central servers these days.


8 million leaked passwords connected to LinkedIn, dating website (ars technica)

Posted Jun 8, 2012 22:13 UTC (Fri) by dlang (✭ supporter ✭, #313) [Link]

how much do you trust the provider of that central server?

are you willing to have no access to any of the sites if there is a problem getting to that one server?

8 million leaked passwords connected to LinkedIn, dating website (ars technica)

Posted Jun 8, 2012 23:25 UTC (Fri) by paulj (subscriber, #341) [Link]

I'm willing to trust the operator of that one server, more than any of the many sites that want passwords. I believe they have very good backup systems; however, I also have my own local backup.

8 million leaked passwords connected to LinkedIn, dating website (ars technica)

Posted Jun 8, 2012 23:28 UTC (Fri) by dlang (✭ supporter ✭, #313) [Link]

it's not just having backups, it's keeping your data safe (both from outsiders and insiders)

if someone gets those passwords, they get access to everything.

8 million leaked passwords connected to LinkedIn, dating website (ars technica)

Posted Jun 8, 2012 23:34 UTC (Fri) by paulj (subscriber, #341) [Link]

The servers are run by the same organisations who provide the code for the browsers, that I run and use to access those websites. So I already trust them quite a lot, whether I realise it or not.

8 million leaked passwords connected to LinkedIn, dating website (ars technica)

Posted Jun 8, 2012 23:43 UTC (Fri) by dlang (✭ supporter ✭, #313) [Link]

trusting them to not have something in the code that sends a copy of the passwords out to them secretly is one thing (especially with people interested in watching what browsers send out, and the code being available for inspection)

trusting them to not have any insiders who would be interested in your bank's account and password, and to keep their systems secure enough to prevent outsiders who are interested in your bank's account and password is something very different.

Yes, I'm one of those paranoid folks who doesn't even let my browser remember passwords locally on my system. :-)

8 million leaked passwords connected to LinkedIn, dating website (ars technica)

Posted Jun 8, 2012 23:54 UTC (Fri) by paulj (subscriber, #341) [Link]

I don't let my browser store credentials for any highly-sensitive web-sites, like online banking (and anyway, my online banking login is deliberately designed so that browser credential-storing can't work). Highly-sensitive credentials like that I keep only in my head.

8 million leaked passwords connected to LinkedIn, dating website (ars technica)

Posted Jun 9, 2012 0:48 UTC (Sat) by martinfick (subscriber, #4455) [Link]

Oh I hate when they do that, etrade used to, but they quit. I complained to them that it actually makes things less secure. I suspect that they eventually agreed.

Seeing as phishing is a very common theme, having to type your password over and over again makes you very susceptible to it. At least when your browser remembers your password you won't likely accidentally type it into a phishing site. If your browser remembers the password for you, and you visit what you think is your commonly accessed site, and your browser does not auto-populate your password, it should send up red flags in your head: "why does it not remember my password?" Oh perhaps because I mistyped and that isn't really an etrade url!

8 million leaked passwords connected to LinkedIn, dating website (ars technica)

Posted Jun 11, 2012 8:51 UTC (Mon) by jezuch (subscriber, #52988) [Link]

> Oh perhaps because I mistyped and that isn't really an etrade url!

Then don't type the address? Always access the site via bookmarks or maybe rely on the browser's autocompletion (based on bookmarks and/or browsing history). And, of course, never, ever click on links in email.

8 million leaked passwords connected to LinkedIn, dating website (ars technica)

Posted Jun 9, 2012 15:20 UTC (Sat) by Cyberax (✭ supporter ✭, #52523) [Link]

At least Firefox uses a master password to encrypt password data uploaded to the cloud storage.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds