I don't see anywhere in those terms that a lawyer could *without a doubt* use to hold Google harmless if Google's servers were hacked (their fault) and a client's login info stolen and used to access a bank account.
I think a jury would see Google as liable for their failed security. But I'm no lawyer... I do however, begin to get concerned when clients want their personal data "secured" that a weak password could come back to bite them and me as well. The weak password, it would seem to me, would have to be the result of a user's sole choice, bypassing all guidance and cautions that I provide, including a strong password option. It is an interesting discussion. As my clients become more widespread and less "personal", the chance of lawsuits increases. Just want to protect my "assets"... Rick > -----Original Message----- > From: Todd [mailto:[EMAIL PROTECTED] > Sent: Friday, January 25, 2008 9:35 AM > To: CF-Talk > Subject: Re: SSL Necessary? Important? > > Would you consider gmail to be pretty important if you used it daily like I > do? Let's take a look at what Google says in their EULA: > > ===================================================== > 6. Your passwords and account security > > 6.1 You agree and understand that you are responsible for maintaining the > confidentiality of passwords associated with any account you use to access > the Services. > > 6.2 Accordingly, you agree that you will be solely responsible to Google for > all activities that occur under your account. > > 6.3 If you become aware of any unauthorized use of your password or of your > account, you agree to notify Google immediately at [snipped URL]. > ===================================================== > > I don't remember that gmail had very strict password rules. Yet their > legalese basically negates the need since they pretty much label you > responsible for everything that happens under your account. If my bank gets > hacked because I use my same username / password as my gmail and it was > obtained via gmail somehow, does that legalese mean Google is in the clear? > > ~Todd > > On Jan 25, 2008 9:17 AM, Rick Faircloth <[EMAIL PROTECTED]> wrote: > > > Well, I was just kinda "giving the bottom line". Of course, in the real > > world, a much "kinder, gentler" way of saying it would be appropriate. > > > > I can also compromise by letting you choose your password, but stipulate > > that it require one or more of certain characters, a mix of caps and lower > > case, etc., > > or I can allow you to choose your own password without any stipulations, > > but you have to sign a waiver holding me harmless. > > > > I don't see that as unreasonable. You get to decide how to handle your > > password, if you like, but you just can't blame me in the case of a poor > > choice which leads to your ruin. I'm not going down with you... > > > > I think that's fair. > > > > I'll be most EUA's have something like that buried in their "legalize". > > > > Thoughts? > > > > Rick > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297424 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
