14 December 2010

The bad news is that most users don’t pick strong passwords. This has been proven time and time again, and the Gawker data is no different. Even worse, most users re-use these bad passwords across multiple websites. That’s why this ugly Twitter worm suddenly appeared on the back of a bunch of compromised Gawker accounts.

Now do you understand why I’ve been so aggressive about promoting the concept of the internet driver’s license? That is, logging on to a web site using a set of third party credentials from a company you can actually trust to not be utterly incompetent at security? Sure, we’re centralizing risk here to, say, Google, or Facebook – but I trust Google a heck of a lot more than I trust J. Random Website, and this really is no different in practice than having password recovery emails sent to your GMail account.

via Coding Horror: The Dirty Truth About Web Passwords.

I’d rather not use Facebook Connect because the connected site then gets access to my data, but OpenID, Twitter OAuth, or Google OAuth sound even better now.
