On Tue, 6 Oct 2015, Edward Ned Harvey (lopser) wrote:
> From: [email protected] [mailto:[email protected]]
> On Behalf Of Josh Smift
>
>> ENH> What I mean is, there is zero benefit and all downside, to exposing
>> ENH> your password to any servers.
>>
>> Yes, *if Google offered me the option*, it'd be all benefit and no
>> downside to switching
>
> Allow me to rephrase:
>
> There is zero benefit to *the practice of* exposing passwords to servers for
> purposes of authentication. If given a choice between two services that are
> otherwise equivalent, using a service without exposure is better.

Are most passwords compromised on the server or on the client? As far as I know
it mostly happens client side. If this is true, it greatly reduces the value in
doing this. If the attacker is in the client browser, it doesn't matter what you
send to the server, the attacker still has your password.

I'm not saying that there is no value, but your message is very misleading.

David Lang
_______________________________________________
Tech mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/