
Emails should (admittedly they're often not) be treated like postcards; they're not secure. They'll go over the wire in plaintext, they'll be read in public, etc.

Most businesses which actually require secure messaging will tend to use self-hosted web-based email (like most banks do), encrypted messaging (Salesforce Chatter, Reuters Messenger) or secure virtual deal rooms.




That's a straw-man. LinkedIn is attacking the human side of information security, not the technical side. They're going after email today because it happens to be everywhere.

Tomorrow's communication system could be leagues more secure than email, but if we don't put LinkedIn in their place now, we're signaling to them that they're welcome to try the same thing tomorrow (perhaps using PGP keys instead of login credentials). Even the most secure cryptosystems are worthless if you can convince a small subset of users to hand you their keys to the castle.

Obviously email today is pretty terrible and should be treated like a postcard, but it's the principle that I'm getting upset about. I don't want LinkedIn conditioning my mom and dad into thinking that it's reasonable to hand over your login credentials, because it most definitely isn't.

-----


I agree that OAuth is a better solution, but more broadly on this issue, account/password sharing is pretty common in the business world because many services don't support multi-user access to accounts.

-----



