> Exactly. To invoke the insurance metaphor as a simple
> cost/benefit analysis; a determined thief WILL succeed in breaking into
> your house, regardless of how many locks and security cameras you have - so
> the best strategy is to limit the damage. There might be a cultural/social
> issue buried here though, as my bank is obliged to cover
> (non-social-engineered) fraud and in case of bankruptcy my
> government guarantees for whatever money I have in the bank.

I should specify; "limiting the damage" means, among other things, not to allow one compromised account to escalate by i.e. using unique passwords (or password layers), unique email addresses (or aliases), two-factor auth etc. It's the escalation aspect that frightens me the most with the SSO login aggregation solutions discussed in this thread.

Which reminds me, do any of these support security layers or rings? That is, one layer for non-important stuff (i.e. Google Groups), one for medium important stuff (say Amazon) and one for very important stuff (email, banking) in order to minimize exposure?
