Must every app data store reinvent the wheel rather than use operating system functionality?
On Thu, Aug 8, 2013 at 10:42 AM, R. Jason Cronk <r...@privacymaverick.com> wrote: > I'll bite. You design your systems for the threats your users face. As many > have mentioned, the threat most users face is from a spouse, partner, > business associate, sibling, parent, children. Password fields don't display > typed text to protect against shoulder surfers. It clearly doesn't protect > again other adversaries such as keyloggers or others with access to the > browser DOM. In this light, I think it is reasonable to encrypt the site > passwords with a master password or at least have require a master password > to display the cleartext. It could always have an option to disable or use a > blank default master password for those who don't face the threats > illustrated above. > > Really, however, we need to move to a post password model, that combines > security and useability. > > My 2 cents. > > Jason > > > > On 8/7/2013 10:04 PM, Brian Conley wrote: > > Are they being irresponsible or aren't they? > > http://mashable.com/2013/08/07/chrome-password-security/?utm_cid=mash-com-fb-main-link > > That is a serous question in interested to hear a variety of opinions on, > both for and against Google's position, OK go! > > Spoiler alert, I think both players are being jerks and not considering the > importance of outreach and how users learn... > > > > -- > Liberationtech list is public and archives are searchable on Google. Too > many emails? Unsubscribe, change to digest, or change password by emailing > moderator at compa...@stanford.edu or changing your settings at > https://mailman.stanford.edu/mailman/listinfo/liberationtech > > > > R. Jason Cronk, Esq., CIPP/US > Privacy Engineering Consultant, Enterprivacy Consulting Group > > phone: (828) 4RJCESQ > twitter: @privacymaverick.com > blog: http://blog.privacymaverick.com > > > -- > Liberationtech list is public and archives are searchable on Google. Too > many emails? Unsubscribe, change to digest, or change password by emailing > moderator at compa...@stanford.edu or changing your settings at > https://mailman.stanford.edu/mailman/listinfo/liberationtech -- @kylemaxwell -- Liberationtech list is public and archives are searchable on Google. Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
