Comments | suggestions: Opt-out of password security notification

tlynnjpeg in suggestions

Opt-out of password security notification

May 16, 2011 18:54

Title
Opt-out of password security notification

Short, concise description of the idea
Provide a check box acknowledging the password security server message without making any changes to your password, to prevent future displays of the same server message.

Full description of the ideaAfter posting, a server message comes up if the site has deemed ( Read more... )

opt-outs, security, § no status

Comments 25

boredinsomniac May 18 2011, 04:11:34 UTC

I think there would be another problem with this suggestion. The option would be popular with a lot of people who are aware that their passwords are weak, but who don't care. Their thinking is that if they're okay with their LJ account being insecure, that's no one's problem but their own. "I don't think pictures of my cats need to be as secure as my bank account."

The problem is that if one person's account is broken into, it also compromises the security of that person's friends, who may have posted sensitive information visible only to their friends. Friends' full names, phone numbers, home addresses, employers, etc could be revealed.

andy May 18 2011, 04:23:42 UTC

This. I also personally don't think the box is that annoying (well, other solutions to the problem might include emailing users every so often, or preventing them from logging in until they change their password, or showing the warning in a nasty pop up window to interfere with other site functionality), so nagging users with it about their security is more of a good thing rather than a bad thing.

boredinsomniac May 18 2011, 04:28:39 UTC

At one time it was impossible to use an account if its password was not secure. I didn't know that had changed until I saw this suggestion.

trixieleitz May 18 2011, 08:07:05 UTC

Yes, I thought that that was the case. Maybe the way to implement this suggestion is to go back to that ;)

Thread 21

scien May 18 2011, 07:12:31 UTC

...Or maybe you should pick a more secure password? :P Your list of benefits all sound like drawbacks to me. Easily compromised accounts are bad for the site as a whole, not just for the individuals who own them.

pauamma May 18 2011, 18:17:46 UTC

Only if checking that box triggers some action to protect people who friended you, like removing you from their flist or posting a public, non-deletable entry to your journal, advising people to defriend you because you're playing fast and loose with their privacy.

mskala May 20 2011, 12:11:12 UTC

Your friends are already trusting you by letting you read whatever they choose to let you read. Trusting you by letting you choose your own password is not different from that.

I'm not going to say what undeletable public message I think should be posted in your journal.

mokie May 20 2011, 03:34:13 UTC

I've got to agree with everyone else on this one, but I do sympathize.

If your computer/browser itself is secure, maybe a password manager would be more practical? Make your passwords as awkward as websites would like, and let the manager take care of filling them in.