Hacker News new | past | comments | ask | show | jobs | submit login

I avoid giving a password to random sites online for a reason: I trust Google's password databases to be a lot more airtight than joerandomsite.tld.

That includes password databases.




What's the harm in giving some sketchy site a unique, random password only used with that site? (In contrast to letting them have your Google profile and all that comes with it)


The need to retain one unique random password per site (as opposed to having one extremely secure Gmail password with two factor authentication attached to it).

It's the old twin airplane principal from the hacker's dictionary: the virtue of putting all your eggs in one basket if the basket is built very well.


Something to consider when you save your passwords in Google, you can "forget" and reset your Google account password and all your passwords are still there. Compare that to a proper password manager where if you forget the master password (assuming sufficient complexity) nobody is getting those passwords back ever. So Google has full access to your passwords whenever it feels like it.

As the other commenter said, there's zero risk giving a dodgy site a randomly generated password used only for that site, the randomly generated password gives them no information or pathway to any other web site.


That's a feature, not a bug. I don't want to lose all of my passwords if I have to reset my Google password.


You will lose them all when Google decides to lock your account.


I have them backed up to a second account.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: