Dedy Purwanto

Passwords

21 Nov 2012

Today I'm trying out a command-line interface for GitHub's Gist. It's written in Ruby, but I guess that's okay, for me, personally. No, I want to talk about something else that bothers me: before you can send your stuff to Gist, you have to tell the program which GitHub account you are using. This can be done by specifying your GitHub username and your password, your raw, naked password.

I've encountered this kind of thing before; I think it was some CLI Twitter client asking me for a raw password. Honestly, after all this time using stuff like PGP keys and access_token, having to store my raw password somewhere on my computer doesn't seem convenient, even if no one else uses this computer other than me.

A few questions came across my mind: why can't we use stuff like access_token? It's safer, I can remove the token without harming my account, and people don't get a single chance to see my raw passwords (or even see how I pattern my password). Or can we even use things like PGP keys? Can I somehow 'upload' my public key into these services and have my private keys with me? This would be really neat.

I'm not an anti-password kinda guy. I'm completely fine using passwords, but of course when they are all in better places, like websites. Anyway, in the end I didn't use Gist-cli. It was a very interesting project, but the fact that I have to put my raw password in my client is just a big no. They do provide a way to hash the password; it's just that I don't really know if that's the way I want it to be. Maybe next time.




