LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

8 million leaked passwords connected to LinkedIn, dating website (ars technica)

8 million leaked passwords connected to LinkedIn, dating website (ars technica)

Posted Jun 8, 2012 23:43 UTC (Fri) by dlang (✭ supporter ✭, #313)
In reply to: 8 million leaked passwords connected to LinkedIn, dating website (ars technica) by paulj
Parent article: 8 million leaked passwords connected to LinkedIn, dating website (ars technica)

trusting them to not have something in the code that sends a copy of the passwords out to them secretly is one thing (especially with people interested in watching what browsers send out, and the code being available for inspection)

trusting them to not have any insiders who would be interested in your bank's account and passoword, and to keep their systems secure enough to prevent outsiders who are interested in your bank's account and password is something very different.

Yes, I'm one of those paranoid folks who doesn't even let my browser remember passwords locally on my system. :-)

(Log in to post comments)

8 million leaked passwords connected to LinkedIn, dating website (ars technica)

Posted Jun 8, 2012 23:54 UTC (Fri) by paulj (subscriber, #341) [Link]

I don't let my browser store credentials for any highly-sensitive web-sites, like online banking (and anyway, my online banking login is deliberately designed so that browser credential-storing can't work). Highly-sensitive credentials like that I keep only in my head.

8 million leaked passwords connected to LinkedIn, dating website (ars technica)

Posted Jun 9, 2012 0:48 UTC (Sat) by martinfick (subscriber, #4455) [Link]

Oh I hate when they do that, etrade used to, but they quit. I complained to them that it actually makes things less secure. I suspect that they eventually agreed.

Seeing as phishing is a very common theme, having to type your password over and over again makes you very succeptible to it. At least when your browser remembers your password you won't likely accidentaly type it into a phishing site. If your browser remembers the password for you, and you visit what you think is your commonly accessed site, and your browser does not auto populate your password, it should send up red flags in your head: "why does it not remember my password?" Oh perhaps because I misstyped and that isn't really an etrade url!

8 million leaked passwords connected to LinkedIn, dating website (ars technica)

Posted Jun 11, 2012 8:51 UTC (Mon) by jezuch (subscriber, #52988) [Link]

> Oh perhaps because I misstyped and that isn't really an etrade url!

Then don't type the address? Always access the site via bookmarks or maybe rely on the browser's autocompletion (based on bookmarks and/or browsing history). And, of course, never, ever click on links in email.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds