Hacker News
by thwarted 6547 days ago
The password as the basis for authentication and generating the encryption is useful in this instance to be able to "blame" someone when they are using your service incorrectly. At the very least, you can notify someone to change their password because their account has been compromised. You know _who_ is responsible for the request because it was authenticated.

In other words, your EULA/terms-of-service is along the lines of "you are responsible for the user of this service using your login credentials, which can be revoked at any time if we perceive you to be violating the terms of service". Then it becomes a little more manageable as a social problem (which it is), rather than solely relying on a technical solution to a social problem.