![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
I found out from this post that LJ has removed the secure https login, leaving only the insecure http login
So all LJ passwords have likely been or will be harvested for hacking.
GOD DAMN IT TO HELL.
I'm off to DW. My LJ updates will be READ ONLY x-posts from DW. Do not comment here any longer, please -- you won't get a reply!
ETA: As I understand it from LJ's own OpenID login FAQ, one can use OpenID on LJ because using an OpenID login/password completely bypasses. The relevent section says:
Identity accounts use a trust relationship between LiveJournal and the identity service to allow you to comment on LiveJournal using an identity others will recognize without having to create a standard LiveJournal account. LiveJournal does not gain access to your password for the identity service and the identity service does not gain access to your LiveJournal password if you have one.
So, for those comms that don't have a backup/sister comm on DW, I'm going to use my OpenID login to LJ.
If your OpenID is through LiveJournal, your password goes through Livejournal -- through the less secure http standard, which is easy to hack for password theft.
If your OpenID is through another OpenID identity service -- such as Google/Gmail -- your password does not go through Livejournal, it goes to your OpenID identity service, which should use https (Google/Gmail does).
I hope that clarifies somewhat... I know it is confusing!
This also means I have to use Gmail Circles, which I kind of loathe (and don't use). But whatever... at least it's more secure.
So all LJ passwords have likely been or will be harvested for hacking.
GOD DAMN IT TO HELL.
I'm off to DW. My LJ updates will be READ ONLY x-posts from DW. Do not comment here any longer, please -- you won't get a reply!
ETA: As I understand it from LJ's own OpenID login FAQ, one can use OpenID on LJ because using an OpenID login/password completely bypasses. The relevent section says:
Identity accounts use a trust relationship between LiveJournal and the identity service to allow you to comment on LiveJournal using an identity others will recognize without having to create a standard LiveJournal account. LiveJournal does not gain access to your password for the identity service and the identity service does not gain access to your LiveJournal password if you have one.
So, for those comms that don't have a backup/sister comm on DW, I'm going to use my OpenID login to LJ.
If your OpenID is through LiveJournal, your password goes through Livejournal -- through the less secure http standard, which is easy to hack for password theft.
If your OpenID is through another OpenID identity service -- such as Google/Gmail -- your password does not go through Livejournal, it goes to your OpenID identity service, which should use https (Google/Gmail does).
I hope that clarifies somewhat... I know it is confusing!
This also means I have to use Gmail Circles, which I kind of loathe (and don't use). But whatever... at least it's more secure.