[laurenceputra]

i'm not assuming you are incompetent. what i'm saying is that no system is fully secure, and by saving the users' passwords, you are risking them.

one of the first rules i learnt in web development is this, you do not store passwords. (http://www.codinghorror.com/blog/2010/12/the-dirty-truth-abo...) you never assume that your system will be so secure that no one can hack it.

[nubis]

Indeed, no system is fully secure, and we don't try to hide that fact, that's one of the reasons Dropmyemail exists in the first place. We offer people an off-site backup at the cost of trusting a third party with their password. This is a risk assessment discussion, and I believe although good for raising awareness about what dropmyemail offers, the original articles fails to make a distinction between the objective information it provides and what are your personal valuations on the risk involved (for example, it assumes one of the worst possible scenarios regarding our competence). Things get a bit confusing when non security related topics like storage capacity are mixed in though. I believe you are trying to help people to be safe and choose the better tool to solve their problem, I do think you are underestimating them a bit, but in case I'm wrong I repeat how valuable your article is in raising this issues.

[laurenceputra]

And again, I am not doubting your competence. What I am saying is that we are all humans. Google might have hired the best computer scientists around the world but they still got hacked. It might even be a problem with the programming language you are using (rmb mass assignment on ROR?)

"We offer people an off-site backup at the cost of trusting a third party with their password."

Yes, this is my main point. People have to learn that they shouldn't be giving out passwords to just about anybody.

I think this guy in the comments here (http://blog.geeksphere.net/2012/09/27/response-to-dropmyemai...) made a pretty good point. Maybe you might want to answer his doubts there?

[nubis]

I fail to see the point made by that commenter that has not been made yet in this thread, other than the funny accusation of malice. We don't store plaintext passwords, and we are very aware of mass assignment bugs. (being suspected of such naive practices is why I mentioned the incompetence thing earlier). If security is a chain, then we strive not to be the weakest link. People have to learn what's the risk involved in giving out their password, how to evaluate who they give it to, and then make their own choice regarding whether they want to give it away or not. I get my hopes high when I read that you wouldn't mind people giving their password to a company that is better than 'just about anybody'. Convincing people that we are trustworthy was a big initial challenge for us, and still is as we reach out to more and more users.

[laurenceputra]

yea, you are now aware of the mass assignment bugs, but what about previously? even github got affected by it. are you saying that they are incompetent? what about bugs that have yet to be revealed?

what i am saying is that there may be some things that you forget about, because we are all humans. and in order to mitigate the risk from us being humans, we should not store passwords in a way that is easily recovered.

[prusswan]

Have you stopped beating your wife? Are you now aware of the mass assignment bugs?

Aside from the fallacy, it is a false argument to pose all risk as bad. Given what is presumed to be your idea of acceptable risk, I would expect you to surf the net behind 7 proxies: http://knowyourmeme.com/memes/good-luck-im-behind-7-proxies

[nubis]

You're repeating yourself now, do remember that all systems are built by humans, and as far as encryption goes do remember that unless your email is encrypted on the server using a password requested from you in order to encrypt and decrypt it every time you read it, then you are not safe. We are professionals offering a professional service. And FYI, Rails developers have been aware of mass assignment bugs a long time before github got bitten.

[newman314]

Oh come on.

IFTTT does the same exact thing for some of their "connectors" services. Maybe you should go after them to.

Where IFTTT fails is that they have not IMO adequately explained just how they store these passwords.

http://www.quora.com/How-does-ifttt-securely-store-passwords...

Don't just read some web article talking about "always hash passwords" and repeat it as mantra. This is good practice for 90% of the time but there are definite use cases where having reversible encryption of passwords is necessary.