[ale] help - how do I log into learnstreet without ...

Robert Reese ale at sixit.com
Thu Mar 28 21:08:13 EDT 2013


Hello Michael,

Thursday, March 28, 2013, 11:06:50 AM, you wrote:

> On 03/27/2013 04:39 PM, Jim Kinney wrote:
>> Ron, your level of paranoia is becoming disturbing. I'm not trying to be
>> mean or attacking, but seriously, this is sounding a bit nutty to me.

> +1.

-1


> Best security practice isn't to have a different username and password
> everywhere, exactly.

But it is part of it.


> A lot of web applications are going with sign-in over the Web through
> various providers.  Now, I would love to see sites support Google,
> Twitter, Facebook, etc., but also support plain Jane generic OpenID as
> well, alongside those.  OpenID is a safe and usable SSO method on the
> Internet.

I am strictly opposed to OpenID.  That is a really, really bad idea in my opinion: Compromised once, compromised everywhere.

And NOBODY gets my login credentials for ANY OTHER SITE.  Period.  End of story.  In fact, I support legislation outlawing the requirement of third-party login credentials; there are plenty of verification and authentication methods that work just fine without handing over authentication data to a third party.

I'm not sure I trust LastPass, either.


> I use stronger passwords than probably most people on this list do for
> most things, but I don't much need a bookkeeping method for my passwords
> because I leverage SSO technologies where I can.  They make my life way
> easier, at a minimal cost, and I never actually have to share my
> authentication data with third party sites that I sign into that way.
> It's win/win.

Lose/lose, when that SSO is compromised.  Nor do I believe that those sites don't get authentication data; every single one of them I've seen asks for username and password.


> What constitutes a "security breach" in one environment might be
> expected, even normal behavior in another environment altogether.

Please give an example of this.


> We can all agree that, for example, plaintext communication is unsafe
> across the Internet for many things.  But on an intranetwork,
> particularly a very small and isolated intranetwork, there is little
> need to increase complexity just to have communications be encrypted on
> that network.  Internetwork links transited over the public Internet,
> though, that's another story altogether.

Apples and oranges.  The discussion has nothing to do with intranets, which are supposed to be walled gardens with respect to the outside.

Personally, I'd tell learnstreet to take a hike, just less politely.

Cheers,
Robert~


