zlacker

[parent] [thread] 8 comments
1. shadow+(OP)[view] [source] 2023-07-22 03:31:06
Changing away from Gmail would lose me access to an uncounted number of sites where my login is Oauth of some flavor or other.
replies(1): >>cube00+V2
2. cube00+V2[view] [source] 2023-07-22 04:03:36
>>shadow+(OP)
You can move away now or wait until they lock you out (and thereby lock you out of all you OAuth sites) with no recourse. The endless cries for help in /r/GMail/ says it all.

OAuth sites will let you change your OAuth provider or even better switch to a local account on their site and use a password manager so you don't tie everything to an OAuth provider unless the site will accept a self hosted one.

replies(1): >>shadow+o6
◧◩
3. shadow+o6[view] [source] [discussion] 2023-07-22 04:42:36
>>cube00+V2
I avoid giving a password to random sites online for a reason: I trust Google's password databases to be a lot more airtight than joerandomsite.tld.

That includes password databases.

replies(2): >>BHSPit+nk >>cube00+Sp
◧◩◪
4. BHSPit+nk[view] [source] [discussion] 2023-07-22 07:34:17
>>shadow+o6
What's the harm in giving some sketchy site a unique, random password only used with that site? (In contrast to letting them have your Google profile and all that comes with it)
replies(1): >>shadow+wM
◧◩◪
5. cube00+Sp[view] [source] [discussion] 2023-07-22 08:43:51
>>shadow+o6
Something to consider when you save your passwords in Google, you can "forget" and reset your Google account password and all your passwords are still there. Compare that to a proper password manager where if you forget the master password (assuming sufficient complexity) nobody is getting those passwords back ever. So Google has full access to your passwords whenever it feels like it.

As the other commenter said, there's zero risk giving a dodgy site a randomly generated password used only for that site, the randomly generated password gives them no information or pathway to any other web site.

replies(1): >>shadow+hu1
◧◩◪◨
6. shadow+wM[view] [source] [discussion] 2023-07-22 13:13:01
>>BHSPit+nk
The need to retain one unique random password per site (as opposed to having one extremely secure Gmail password with two factor authentication attached to it).

It's the old twin airplane principal from the hacker's dictionary: the virtue of putting all your eggs in one basket if the basket is built very well.

◧◩◪◨
7. shadow+hu1[view] [source] [discussion] 2023-07-22 18:45:17
>>cube00+Sp
That's a feature, not a bug. I don't want to lose all of my passwords if I have to reset my Google password.
replies(1): >>allarm+8V3
◧◩◪◨⬒
8. allarm+8V3[view] [source] [discussion] 2023-07-23 18:10:33
>>shadow+hu1
You will lose them all when Google decides to lock your account.
replies(1): >>shadow+Zz4
◧◩◪◨⬒⬓
9. shadow+Zz4[view] [source] [discussion] 2023-07-23 22:25:10
>>allarm+8V3
I have them backed up to a second account.
[go to top]