
I guess that's true. But is that the big limitation, laziness?


Laziness is the exact reason people don't bother with correct password management. Lots of people know that password re-use is bad. Yet almost all of us practice it to some degree. Lots of people know that passwords should be as long as possible and as "random" as possible - yet only a select few truly follow this. Why? Because it's just easier to type "john123" than "Jh98N%@badmouthpiecez". Ask anyone which one is the better password, which they would prefer, and which they would truly end up using. Laziness.

The problem with passwords is not their strength. It's not the passwords themselves. It's the way people use the web. For example, in the article the author mentioned that because he had all the accounts linked, breaking one meant the ability to break the others. Well duh! Perhaps try NOT linking accounts together like that next time?! Oh? It's hard? It's not. It's inconvenient. We're lazy and we want our stuff to be in one place, "cloud", because "it just works". And when shit just hits the fan, you're screwed. Not because of passwords, but because of the way you manage your "digital life".

The whole "digital life" concept is utterly retarded from a security point of view. Not the passwords.


Isn't that the big limitation in everything? :)

Think about every massive online success, past and present. MySpace, for example, was not fundamentally different from how you could upload an HTML page to a server...though designing and maintaining links is obviously work beyond the average dedicated developer. And Facebook was not fundamentally different from MySpace, but its news feed eliminated the work of visiting every friend's profile to figure out what happened today, which made it much more likely that you'd be "rewarded" (in the psychological sense) for visiting facebook.com rather than myspace.com...

And so forth. The password encryption schemes used as an industry standard are quite secure against a brute-force, random intruder. So social engineering is a much more viable way to break in...and why does Bob read his password over the phone to someone claiming to be from IT rather than take the time to verify the integrity of the transaction?...Laziness.
