Tuesday, December 02, 2008

I don't follow

On the scaling of passwords, Ben Laurie writes:
"If your password is unphishable, then it is obviously the case that it can be the same everywhere. Or it wouldn’t be unphishable."

I don't follow.

Does the fact that I can't be fooled into divulging some credential where I shouldn't mean that it is appropriate that I use it everywhere? Are there not other attack vectors that would drool at the thought?

Conversely, is the fact that I can use the same credential everywhere somehow a necessary aspect of 'unphishability'?
