On 02/08/2013 11:48, Tom Gardner wrote:
On 02/08/13 10:34, News wrote:


I prefer not to have a single-point-of-attack/failure. Who knows
- whether the company is legit (or the company to which the
company is sold in 5 years time)

- whether it (or servers or operators for cloud services)
has any weaknesses that can be exploited by blackhats

- whether using it would cause liability problems, e.g. it gives a
financial company plausible deniability when your account
is emptied, "broke Ts&Cs by writing it down and/or not keeping
it secure" or similar weasel words

Summary: how do you *know for sure* that your logins are secure?!
At least "my way" I can understand and contain the issues - even
though they may be less secure in some senses.


Its a case of balancing the risks/threats and the convenience. Saving
user details in a browser is not secure (notthat I'm implying this is
your method). Using non-complex passwords is not secure. Running the
risk that a company will become so compromised (either internally or
externally) is potentially a risk - but the one I prefer to take. After
all, its business depends on being seen to be secure.

A certain amount of 'due digience' can be sufficient to let me decide
what I'm prepared to believe/trust. As I said, I'm sure it is
different for others. However, in the case of this company/product, I'm
sufficently happy with it that our organisation has chosen to use its
enterprise version - and that wasn't a decision made lightly.

However, they don't provide any gardening related services, so although
most of this thread is not very gardeing related, I'll leave it there.