by axod 5843 days ago
> "The other fix would be to use an email address that can't be guessed from the blog address. In other words, the email address is the password."

You'd still be sending your password in the clear, possibly through other people's mail servers. Not great security.


The perfect is the enemy of the good.

There is a trade-off here between security and usability. 99% security is good enough for a lot of purposes and has its place.

Except that's more like 10% or even 1% security.

Oh really? I don't think you know what you mean.

In point of fact, I just sent myself a very important password in clear text. Hack me.

The task for a spammer isn't to hack <USERS> account. It's to hack ANY account.

Being able to hack any Posterous account is going to be far, far easier than trying to hack a particular account.

Except that's more like 10% or 1% security.