Thursday, October 13, 2022

How some sites advertise their insecurity

from here and here

When they say your password is too long what they're really telling you is that they haven't the faintest idea of how to store your password securely and you should expect that any data breach will expose your password - so you definitely shouldn't be reusing one from elsewhere. Ideally you should use something randomly generated by a password manager. I mean you could also just not sign up at all, but if the password leak doesn't affect anything else, what's the harm? It would be great if they were protecting you from the bad guys, but so long as you're protecting yourself from their incompetence at protecting against the bad guys then any damage should be minimal.

Oh, it should go without saying that you absolutely should not use the site for anything related to money. Don't use it for email (the key to your online life) or any other kind of communication either.