<div class="gmail_quote">On Fri, Jun 26, 2009 at 3:31 PM, Nicolas Holzapfel <span dir="ltr"><<a href="mailto:signup@nholz.com">signup@nholz.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im"><blockquote style="border-left:1px solid rgb(204, 204, 204);margin:0pt 0pt 0pt 0.8ex;padding-left:1ex" class="gmail_quote"><div><a href="http://twitter.com/aarnott/status/2009287785" target="_blank">I've confessed to insanity before</a>.
But whether or not I'd want to refute this particular accusation would
first require that I know on what grounds the accusation stands. Does
your anonymous co-designer call my insane because I'd want to disable
my password? Personally, I trust my OP much more than I trust my own
ability to manage hundreds of secure passwords. So yes, I'd want to
disable my password. Short of a password disable feature, I'd change
my password to a cryptographically strong random password so that
neither I nor anyone else could ever log in using it again... thus
providing me with as much login security as my OP affords (which is
phishing resistant and more convenient than remember so many secure
passwords).</div>
</blockquote>
</div><div style="margin-left:40px">- Andrew Arnott<br>
</div>
My anonymous co-designer would judge you insane on the grounds that by
changing your password to a cryptographically strong random password
that neither you nor anyone else could ever log in again you are, in
effect, disabling your site-specific password, so there is no point
whatsoever in you having the option to disable it in a more
straightforward way. The anonymous co-designer says that since Media
Temple is practically impenetrable, your password is only insecure when
you're typing it in, so since you never type it in again, it is
completely secure.
</blockquote></div><br><div>I think it was Shade who pointed out after my comment about changing my password to some crazy value that that still isn't as secure as disabling the password, since a "password recovery" step might easily allow someone to circumvent that security and commandeer my password and thereby my identity.</div>