WingNews logo WingNews GitHub [2]

mbildner's comments

mbildner | 4 years ago | on: Securely Yours, Love Password Managers (2021)

You are fundamentally correct: to make your passwords safe from hackers you are making them harder for yourself to access (in this case by requiring MFA). Accessing your passwords now requires having access to a device (your second factor).

There are recovery mechanisms that you can set up ahead of time (a series of recovery codes for example), but for the most part I would agree with your premise: you will have a very hard time accessing your accounts if you ever lose your primary devices. For me the security benefit is worth the inconvenience.

mbildner | 12 years ago | on: Today I Deleted My LinkedIn Account; You Probably Should Too

wrt your first point you are absolutely 100% right, and I said so in the article. I agree that failing to manage my login permissions exposes me to problems. But a system that makes it this easy for people to get screwed is a bad system. In my case the only downside is that I get annoying emails - but giving inbox permissions on fb or email exposes you to huuuuuge problems. People keep all kind of things there that they shouldn't - passwords, I'll bet you have ten friends with their social security or all kinds of PHI in their gmail. In my case I take responsibility for the silly emails I get because of it. I also go through fb and google permissions and cull them, but that is not always enough, especially if you're facing a malicious site. But my problem isn't how this affects me, it's how it affects users who don't understand the danger here - which is most people. Some people think the answer is either "everyone learns to code or everyone loses control/rights", but I think that doesn't make sense. You don't expect everyone who drives to fix their cars themselves, and when one breaks and hurts them you don't mock them for their carelessness in getting such a complicated piece of equipment (I hope). We always abstract complexity away from new technology so that it can be used conveniently and safely, which is great. In the same way I think people building complicated web tools should do so responsibly, so that their users don't expose themselves to problems by using them. You don't have to abuse access permissions to make a great tool, and I'm willing to bet that these controls will get more and more tightly controlled to keep things like this from happening. That's exactly what happened to Facebook's messaging api, which no longer permits developers to problematically send messages, to prevent spam.

mbildner | 12 years ago | on: Today I Deleted My LinkedIn Account; You Probably Should Too

A bunch of people have (correctly, I think) pointed out that more recent LinkedIn emails come from them directly. I have seen emails as recent as 2012 sent from user addresses: http://imgur.com/gallery/fapPDhZ/new (sorry for the manic smudging).

Anyhow, assuming these are anomalous, and that LinkedIn has generally moved to sending emails properly, I still stand by my decision to close down my account. I haven't gotten anything useful out of it and I have been consistently annoyed by it. Not devastating, but like I said, annoying. If you use it and love it then great! I hope LinkedIn keeps on improving and becomes/stays (your option) a great company. But if you're not getting anything out of it, then I think it would behoove you to think twice about why you maintain the account, and if it's nothing but annoying then at least consider getting rid of it.

page 1