• unconfirmedsourcesDOTgov@lemmy.sdf.org
    2 months ago

    What an absolute failure of the legal system to understand the issue at hand and appropriately assign liability.

    Here’s an article with more context, but tl;dr the “hackers” used credential stuffing, meaning that they used username and password combos that were breached from other sites. The users were reusing weak password combinations and 23andme only had visibility into legitimate login attempts with accurate username and password combos.

    Arguably 23andme should not have built out their internal data sharing service quite so broadly, but presumably many users are looking to find long lost relatives, so I understand the rationale for it.

    Thus continues the long, sorrowful, swan song of the password.

          • douglasg14b@lemmy.world
            2 months ago

            That’s literally just a long password that you can never recover your data from when you inevitably lose or forget it (remember we’re talking about the majority of users here who do not use password managers).

            • jdeath@lemm.ee
              2 months ago

              there’s literally zero technical reason that a user couldn’t reset a private key the same as a password. after all, you just pointed out they are almost the same.

              edit: if you’d like to see an example, create SSH keys for your GitHub account and then reset them

              • douglasg14b@lemmy.world
                2 months ago

                That’s… Literally just a long password.

                I assumed you were talking about a private key as in cryptographic private key, where your data is encrypted on the remote server and your private key is required for it to be decrypted and for you to use it.

                If you’re just talking about something to get into an SSH key then all that is is a longer password.

                • jdeath@lemm.ee
                  2 months ago

                  not at all. are you expected to remember it? would it even be possible to memorize for most? not even close to the same thing, passwords have very low entropy which causes all their problems