
So with two Patreon-style sites, both of which say "we take security seriously", until they have a breach, how would you judge which one would take better care of your data?

The information (AFAIK) about their security mechanisms only got released as a result of the breach, so even assuming you knew what the terms were and how to judge good security from bad, you wouldn't have the information until the site got compromised.

This is a very common problem; some more examples are here: http://raesene.github.io/blog/2014/06/08/finding-security/




The information that they didn't store CC cards was available in FAQs previously: https://patreon.zendesk.com/hc/en-us/articles/203913779-Do-y...

The password hashing algorithm wasn't, but then again an informed consumer uses unique passwords for each site, so that's less relevant.


Many informed customers - perhaps most - use the same passwords on many sites because it's too hard to remember hundreds of passwords.


I don't think they're particularly informed if they aren't aware of password managers.


I'm aware, I just can't be bothered. Every time I create an account I ask myself "do I care if this gets compromised?". If the answer is no, then it gets a standard password.


As long as you understand that when that site gets compromised, all other sites where you use your standard password get compromised for you as well. Collectively, all those sites getting compromised for you may be enough of a reason to consider password managers.


They may be informed and "aware" that password managers are a pain to use compared to using the same password for every site.


You can't judge which is better after a single breach either.



