SoylentNews is people
SoylentNews
I recently had a spirited discussion with someone about authenticating to various websites. I personally take the approach of making an explicit new identity for every service I sign up for — local logins only. I never user a "Social" login like twitter/facebook/google, etc to access a site.
My reasoning is:
- It's a little harder to track my movements across the web; less data for the big players to crunch has to be beneficial in some way.
- When a data breach occurs, it limits my exposure to the breached entity. With the thought that, if the place you use as your only Authenticator for all websites get's compromised, what kind of exposure does that entail?
For some background, I'm a ten year professional in Web Infrastructure, with Identity and Access Management making up a decent part of what I do. After pretty much being called an irresponsible professional and told that no identity information will leak due to the way OAUTH works, I thought I'd throw the question out to the community to get a feel for how you handle accounts to different websites, as well as the inherent tracking and security concerns thereof.
Bytram noted that we had a discussion on a similar topic a while back: Personal Privacy in a Surveillance World -- How Important is it? - SoylentNews
(Score: 0) by Anonymous Coward on Saturday August 08 2015, @01:17PM
I try to never leave any account logged in on my computer in the event that I leave it unattended. "Social" logins are probably a more common target for those that are nosey or want to play a prank and they would only need 10 seconds.
(Score: 0) by Anonymous Coward on Saturday August 08 2015, @03:18PM
My ICQ was permanently logged in. At a party a bitch (yes, a female geek with serious negativity and drug issues) turned my monitor on (yes yes this was back when w98 was cool) then proceeded to attempt to piss people off. Asshat.
Never leave your social accounts logged in.
(Score: 2) by maxwell demon on Saturday August 08 2015, @05:17PM
I usually don't leave my computer running when it is unattended. I mean, when I'm not using it, why should it run, waste energy and present an attack surface, no matter how small?
The Tao of math: The numbers you can count are not the real numbers.
(Score: 0) by Anonymous Coward on Saturday August 08 2015, @06:06PM
Same here but emergencies or events that require immediate attention occur.
I can count on one hand how many times I have been in this kind of situation where the computer was logged-in but I was out of reach of the keyboard. When I return, I always get an uneasy feeling when I realize that it was left unattended.
(Score: 2) by hendrikboom on Monday August 10 2015, @08:48PM
That happened to a Debian developer a few years ago. Someone used the unattended computer.
It took a month before all the repositories had been checked and most of the Debian developers' keys had been reissued through their chain of trust.
(Score: 4, Insightful) by Justin Case on Saturday August 08 2015, @06:22PM
You lack imagination. When my computer is unattended, I'm definitely still using it.
I come from a time when computers were for automating things, not just for watching cat videos. So I'm not happy unless I have a computer, or preferably many, working their asses off for me.