I mean couldn't they just request direct access to the database without going through the pain of cracking your password? They can probably run the sql query on their own and get whatever they need.
I think the point here is that feds don't want to have to ask access to companies, or even getting noticed.
Operating directly on the database means either :
* requesting a dump that get quickly deprecated
* having a direct access to database, which can be traced
Using common interface, you can use it without rising any flags, except if companies specifically implement warning feature for known NSA/feds/whatever ips.
The best of that is that many people use the same password for several websites. So, having one, you may access data on an other website without the company knowing it.
As it becomes more and more clear big companies are fighting agencies here, decyphering passwords and using them abroad makes perfect sense.
Say they ask Amazon for your password, if you reuse the same password elsewhere like 99% of people, then they can access all your other accounts without any permission to ask. In this scheme, only one 'traitor' company compromises all others. People should really use unique passwords.
Operating directly on the database means either :
* requesting a dump that get quickly deprecated
* having a direct access to database, which can be traced
Using common interface, you can use it without rising any flags, except if companies specifically implement warning feature for known NSA/feds/whatever ips.
The best of that is that many people use the same password for several websites. So, having one, you may access data on an other website without the company knowing it.
As it becomes more and more clear big companies are fighting agencies here, decyphering passwords and using them abroad makes perfect sense.