comment by p0mmesbude
p0mmesbude  ·  4348 days ago  ·  post: Hubski with ssl?

You don't need to be super paranoid to find SSL useful. No SSL means your login data is transmitted unencrypted, which means it's easy for anybody to read it, especially if you log in from a public wifi. If you're using the same username/password combination on other sites, you're in big trouble. So I agree, this should really be fixed.

Edit: Even if you don't log in from public wifis it's easy on this site to steal the accounts from users you share the network with.





ecib  ·  4347 days ago

Agreed. The sheer volume of online password-protected services the average user engages with practically demands re-use of passwords if they are to be memorable. Capture one site's credential and you've often captured at least a few more by proxy. I always appreciate SSL no matter how trivial the service using it may appear to be for this reason.

DanQ  ·  4346 days ago

I'd highly recommend that you consider a free tool/service like LastPass, KeePass, or SuperGenPass to allow you to easily use a different password for every service.

ecib  ·  4346 days ago

Yeah, I've been meaning to forever but just have not gotten around to it. Sounds like a task for the next time I find myself on my couch with some time to spare :)

ll  ·  4345 days ago

Thing is, it really is convenient.

If you do not want to set that up, you can always have a password like ThisIsAPassword-Hubski for Hubski, or ThisIsAPassword-Facebook. It is slightly safer, makes the password stronger, and it actually helps discover where a leak of passwords came from, as usually someone will dump the passwords on pastebin without a source, and passwords like that will help identify it.

ecib  ·  4345 days ago

Ah, see, I always viewed the latter option as terribly unsafe. If one is compromised, then the attacker has access to a wide range of services as the function is obvious.

But thanks for reminding me to set up a pass manager :)

ll  ·  4345 days ago

It is slightly more secure than using the exact same password everywhere, as when one site is compromised, the password can be put in a wordlist for brute forcing or hash cracking.

So instead of using ThisIsAPassword for every site, you have a slight variation, but it is still extremely convenient to remember it.