On Tue, Dec 18, 2012 at 7:08 AM, Fabrizio Giudici < [email protected]> wrote:
> > This is an additional risk that is not alternative to the other. Thus, we > have to deal with both. Right, but I think the pendulum has swung far enough on the "secure password storage" side while it has barely moved on the "social engineering break in" aspect. If you're worried about the safety of your private information, I think your time will be better spent making sure that the companies you entrust have safe "reset" procedures than asking to see the source code of their encryption back end. Wired published a very enlightening article on this very topic<http://www.wired.com/gadgetlab/2012/11/ff-mat-honan-password-hacker/all/>last month, I highly recommend it. -- Cedric -- You received this message because you are subscribed to the Google Groups "Java Posse" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/javaposse?hl=en.
