| ▲ | growse 9 days ago |
| There's a tension here between "user freedom" and a service wanting to make sure that credentials that it trusts to grant access to stuff aren't just being yolo'd around into textfiles on people's dropboxes. People forget that one of the purposes of authentication is to protect both the end user and the service operator. |
|
| ▲ | eredengrin 9 days ago | parent | next [-] |
| Sure, but as long as the fallback for account recovery is sending a reset email or sms (both of which are similar or worse than yoloing textfiles on dropboxes), that's a very tough argument to make in good faith. |
| |
| ▲ | growse 9 days ago | parent [-] | | I agree that account recovery isn't the best. But just because that sucks doesn't mean there's zero value in improving credentials. |
|
|
| ▲ | account42 9 days ago | parent | prev | next [-] |
| What people do on their own computer is none of the service's business. |
| |
| ▲ | growse 9 days ago | parent [-] | | It is if it puts the service at risk. | | |
| ▲ | AlexandrB 9 days ago | parent [-] | | This attitude has got to stop. Is it not enough that there's no customer service and it's almost impossible to sue these companies thanks to arbitration clauses? Now they need to have control over our computing to keep themselves safe? And how many recorded incidents of losing an account because someone had their "password in a text file" are even out there? The most common scenarios one hears about are either phishing or social engineering. | | |
| ▲ | growse 9 days ago | parent [-] | | Do you think someone running a service that's under constant denial-of-service attacks would be sympathetic to the argument that "What people do on their own computer is none of the service's business". Pretty much every service out there has "don't share credentials" in their ToU. You don't have to like it, but you also don't have to accept the ToU. |
|
|
|
|
| ▲ | nyeah 9 days ago | parent | prev | next [-] |
| Note the scare quotes around user freedom. Perhaps user freedom is a notorious fake issue, a bizarre misconception, or an exotic concept that nobody understands. |
| |
| ▲ | growse 9 days ago | parent [-] | | I don't know what "scare quotes" are. They're just regular quotation marks, because I'm quoting. | | |
| ▲ | nyeah 9 days ago | parent [-] | | Sure, I stand corrected, you "don't know" what I'm talking about. | | |
| ▲ | growse 9 days ago | parent [-] | | Literally no idea. My point was that freedom is not an absolute, it's balanced against other freedoms. It's hard to tell whether you agree with that or not. |
|
|
|
|
| ▲ | tsimionescu 9 days ago | parent | prev [-] |
| What does Microsoft stand to lose if someone steals my passkey for Outlook from a text file I yolo'd into a Dropbox? |
