by w0utert 4723 days ago
>> So you want _yet another_ password between the user and his magical experience or whatever ?

I find this a pretty weak objection. Do you really want to trade all your stored passwords for the convenience of not having to enter 1 additional password ('my Android backup password') once every one or two years when you activate a new or additional device?? I wonder how this objection rhymes with having logins on 20+ different websites?

While I don't believe that Google wants to harvest your WiFi passwords (but also don't rule it out), I also don't think it's all that paranoid to assume that Google deliberately chose to not encrypt backups by default, so they can extract useful information from Android device backups. Or do you still believe Android is 'free' because Google is a charity?


You missed the central part of my argument, so I'll reiterate it here: users don't care about this stuff, and passwords are user-hostile. Google chose to implement this a certain way that works for 99.99% of people.

Now, in the 0.01% case, your counter argument still doesn't hold, in my opinion:

> Do you really want to trade all your stored passwords for the convenience of not having to enter 1 additional password ('my Android backup password')

Yes.

Even strong wifi passwords can be brute-forced within minutes from the curb by anybody with an unmarked van and a measly few GPUs. At this point in the technology race, wifi passwords are really just keeping the honest people out. If you want something stronger, you're going to have to go to machine certificates on each laptop / mobile device.

> once every one or two years when you activate a new or additional device??

Even worse, passwords that aren't used often exit my fingers' memory and are thus lost to time (unless I write them down and store them in my safe deposit box or keepassdroid or whatever, but "hardly anybody" does this, so Google would get phone calls from users every year or two saying "can you give me the password that I'm supposed to be using to keep from giving you my passwords? kthx").

Can you give a source for that? I thought WPA2 AES was still quite secure, assuming you use a long random password?

Ah, you're quite right, thanks for making me look this up.

I found some Tom's Hardware article that goes into "a few GPUs in a desktop" all the way through "renting 20 machines with GPUs from EC2 for a while for <$20 USD", and it seems like a password that is long (>=12 characters for now), doesn't have dictionary words, and uses more than just [a-zA-Z0-9] will be safe from undedicated adversaries for a number of years (probably the life of whatever router you're using).
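As an added example (not code from any commenter above), here is a small Python check of a candidate WPA2-PSK passphrase against the three criteria in the comment above: at least 12 characters, no dictionary word, and characters beyond [a-zA-Z0-9]. The attacker guess rate and the wordlist are constructed assumptions, not benchmarks.

```python
import math
import string

# Constructed stand-in for a real dictionary (assumption, for illustration only).
SAMPLE_WORDLIST = {"password", "welcome", "dragon", "letmein", "monkey", "football"}

# Assumed guess rate. Each WPA2-PSK guess costs a PBKDF2-HMAC-SHA1 derivation
# with 4096 iterations, so even GPU rigs manage far fewer guesses per second
# than raw hash rates suggest. This number is a placeholder, not a measurement.
ASSUMED_GUESSES_PER_SECOND = 1_000_000

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def valid_wpa2_passphrase(passphrase):
    """802.11i passphrases are 8 to 63 printable ASCII characters."""
    return 8 <= len(passphrase) <= 63 and all(32 <= ord(c) <= 126 for c in passphrase)


def charset_size(passphrase):
    """Size of the smallest standard character-class union covering the passphrase."""
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in passphrase))


def contains_dictionary_word(passphrase, wordlist, min_len=4):
    lowered = passphrase.lower()
    return any(len(w) >= min_len and w in lowered for w in wordlist)


def assess(passphrase, wordlist=SAMPLE_WORDLIST, rate=ASSUMED_GUESSES_PER_SECOND):
    """Return the criteria results plus a brute-force estimate for a random passphrase."""
    if not valid_wpa2_passphrase(passphrase):
        raise ValueError("WPA2-PSK passphrases are 8-63 printable ASCII characters")
    # Entropy assumes every character was chosen uniformly from the charset;
    # a passphrase built from dictionary words is far weaker than this figure.
    bits = len(passphrase) * math.log2(charset_size(passphrase))
    seconds = 2 ** (bits - 1) / rate  # average case: half the keyspace
    return {
        "length_ok": len(passphrase) >= 12,
        "beyond_alnum": any(c in string.punctuation for c in passphrase),
        "no_dictionary_word": not contains_dictionary_word(passphrase, wordlist),
        "entropy_bits": round(bits, 1),
        "years_to_search_half": seconds / SECONDS_PER_YEAR,
    }


if __name__ == "__main__":
    for candidate in ("password1234", "Qv7#kL2$wX9!mR"):
        print(candidate, assess(candidate))
```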