Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for December 5, 2013
Deadline scheduling: coming soon?
LWN.net Weekly Edition for November 27, 2013
ACPI for ARM?
LWN.net Weekly Edition for November 21, 2013
Posted Jul 23, 2013 9:56 UTC (Tue) by tialaramex (subscriber, #21167)
I say "just", this is clearly a ridiculously over-complicated system, but that's the price we pay for marginally better (email resets mean it can never be more than marginal) security in the face of interfaces designed for the appearance of convenience. Real authentication systems are too difficult for the zero friction experience that is desired by advertisers, and thus by the services they fund.
Posted Jul 23, 2013 15:21 UTC (Tue) by mathstuf (subscriber, #69389)
Well, this is what 2-factor authentication on email is for :) . Or SSL client certs if you run your own email.
As for using your phone, yeah, I'm aware the phone can fill the gap, but that doesn't mean its the only solution. Plus, given the sync solutions available, services which encrypt.the data would be nice (personally, I'm anxious for git-annex to be supported on Android).
Ubuntu Forums account information breached
Posted Jul 23, 2013 16:34 UTC (Tue) by raven667 (subscriber, #5198)
With the deployment of mobile computers and wireless data, needing to log in from some unknown computer is a fading use case.
Posted Jul 23, 2013 23:47 UTC (Tue) by lopgok (guest, #43164)
The best solution is a smartphone with keepass or something compatible with it. I do have a few memorized passwords.
However, I have a total of about 350 unique passwords, and there is no way to memorize all of them, with reasonable password complexity.
If I am logging in somewhere, I almost always have my notebook available, and I have keepass for it. If I don't have a notebook or smartphone, I am severely limited in what I can access. I think that is a reasonable tradeoff for my security. Beats getting my apple/ubuntu/sony account hacked.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds